==========================================================================
Ubuntu Security Notice USN-7038-2
October 16, 2024

apr vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

The system could be made to expose sensitive information.

Software Description:
- apr: Apache Portable Runtime Library

Details:

USN-7038-1 fixed a vulnerability in Apache Portable Runtime (APR) library.
This update provides the corresponding update for Ubuntu 14.04 LTS.

Original advisory details:

 Thomas Stangner discovered a permission vulnerability in the Apache
 Portable Runtime (APR) library. A local attacker could possibly use this
 issue to read named shared memory segments, potentially exposing sensitive
 application data.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  libapr1                         1.5.0-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  libapr1-dev                     1.5.0-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7038-2
  https://ubuntu.com/security/notices/USN-7038-1
  CVE-2023-49582