7.5 - USN-173-2

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog):

The following packages are affected:

apache2 apache2-mpm-perchild apache2-mpm-prefork apache2-mpm-threadpool apache2-mpm-worker libpcre3

The problem can be corrected by upgrading the affected package to version 2.0.50-12ubuntu4.4 (apache2 for Ubuntu 4.10), 4.5-1.1ubuntu0.4.10.1 (libpcre3 for Ubuntu4.10), or 4.5-1.1ubuntu0.5.04.1 (libpcre3 for Ubuntu 5.04).

A standard system upgrade is NOT SUFFICIENT to effect the necessary changes! If you can afford to reboot your machine, this is the easiest way to ensure that all services using this library are restarted correctly. If not, please manually restart all server processes (exim, PHP, etc.). It is advised to also restart your desktop session.

Details follow:

USN-173-1 fixed a buffer overflow vulnerability in the PCRE library. However, it was determined that this did not suffice to prevent all possible overflows, so another update is necessary.

In addition, it was found that the Ubuntu 4.10 version of Apache 2 contains a static copy of the library code, so this package needs to be updated as well. In Ubuntu 5.04, Apache 2 uses the external library from the libpcre3 package.