[USN-3825-2] mod_perl vulnerability

protocol=”application/pgp-signature”; boundary=”=-wrIVI/cBZQmayTqJJ27G”

–=-wrIVI/cBZQmayTqJJ27G

Content-Transfer-Encoding: quoted-printable

=
=

Ubuntu Security Notice USN-3825-2
November 22, 2018

libapache2-mod-perl2 vulnerability
=
=

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

mod_perl could be made to run programs contrary to expectations.

Software Description:
– libapache2-mod-perl2: Integration of perl with the Apache2 web server

Details:

USN-3825-1 fixed a vulnerability in mod_perl. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

=C2=A0Jan Ingvoldstad discovered that mod_perl incorrectly handled
=C2=A0configuration options to disable being used by unprivileged users,
=C2=A0contrary to the documentation. A local attacker could possibly use
=C2=A0this issue to execute arbitrary Perl code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
=C2=A0 libapache2-mod-perl2=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A02.0.5-5ubuntu1.1

In general, a standard system update will make all the necessary
changes.

References:
=C2=A0 https://usn.ubuntu.com/usn/usn-3825-2
=C2=A0 https://usn.ubuntu.com/usn/usn-3825-1
=C2=A0 CVE-2011-2767
–=-wrIVI/cBZQmayTqJJ27G

Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJb9qqPAAoJEEW851uECx9p9WkQALiq2Vxhl9v9vZELmpx05s7p
TiuyxQH3OMT47mzLarKxa9ZurFgp7QtM5fH0S/hK7OC1lxXbVuPHKmkPiX8XjFwh
E9o3rtqq0f6+gE3nS+YopJ4yOjdbwfhmB25FFS3FWtTpr83GVRr2WXN+i0C/JKWJ
TxI9ke7KAjiH7pAqxfdFTrV6e+LDd8CV9kyIsmQIEik2zk7VbCZjwE68LsxjDfT5
arozd378Ne9xR1FLRPoLTQ+ELHMysp8blmV6FML59eN8Pw9xUO3J8lOIx+zNqZsQ
A8JQCiBIe+o0lKY5x/VpTYam3VsizhEfDkbdPvhsZSQjdbRsyQHw9gCd4z0zQiUx
pQ1Uhb5VmbdZfgGlsqXQo3j91X1vYPzJ1cXKPgCJfrG0hblMSd3pwaTPtX3mTT/D
PIxsLVNa0//mqBP0aAkXzQpV45O0OLBX/oXoN4tNWU3wUb7eMQc3e/+w66aiutg/
Bf8VpMY7QtYtEWXoYYDXRq856CR3tTaFsfFMdobnOLKsk8vZ7o3IL49ZrJLB2Eqs
/luLXXrrS1qPY4VZLb8vuaEoysE67LIcdXkX2gxEYVA+5w5Cu6VFzHqcqSB6F8TM
wPkeBwgBT7Lep5VDJxI2nB49XE7FDiMOgFeNj1+FSRhYWDlFFw71/G0NOy+4c3X7
ZOd6NiAYjhomlzkeYnjS
=7ZWt
—–END PGP SIGNATURE—–

–=-wrIVI/cBZQmayTqJJ27G–

MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK