Planet


USN-1022-1: APR-util vulnerability

2010/11/25 22:35:03 | Ubuntu security notices

Referenced CVEs: CVE-2010-1623

Description:

===========================================================
Ubuntu Security Notice USN-1022-1 November 25, 2010
apr-util vulnerability
CVE-2010-1623
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
libaprutil1 1.2.12+dfsg-3ubuntu0.3

Ubuntu 9.10:
libaprutil1 1.3.9+dfsg-1ubuntu1.1

Ubuntu 10.04 LTS:
libaprutil1 1.3.9+dfsg-3ubuntu0.10.04.1

Ubuntu 10.10:
libaprutil1 1.3.9+dfsg-3ubuntu0.10.10.1

After a standard system update you need to restart any applications using
APR-util, such as Subversion and Apache, to make all the necessary changes.

Details follow:

It was discovered that APR-util did not properly handle memory when
destroying APR buckets. An attacker could exploit this and cause a denial
of service via memory exhaustion.


USN-1021-1: Apache vulnerabilities

2010/11/25 22:27:10 | Ubuntu security notices

Referenced CVEs: CVE-2010-1452, CVE-2010-1623

Description:

===========================================================
Ubuntu Security Notice USN-1021-1 November 25, 2010
apache2 vulnerabilities
CVE-2010-1452, CVE-2010-1623
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
apache2-common 2.0.55-4ubuntu2.12

Ubuntu 8.04 LTS:
apache2.2-common 2.2.8-1ubuntu0.19

Ubuntu 9.10:
apache2.2-common 2.2.12-1ubuntu2.4

Ubuntu 10.04 LTS:
apache2.2-common 2.2.14-5ubuntu8.4

Ubuntu 10.10:
apache2.2-common 2.2.16-1ubuntu3.1

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that Apache's mod_cache and mod_dav modules incorrectly
handled requests that lacked a path. A remote attacker could exploit this
with a crafted request and cause a denial of service. This issue affected
Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-1452)

It was discovered that Apache did not properly handle memory when
destroying APR buckets. A remote attacker could exploit this with crafted
requests and cause a denial of service via memory exhaustion. This issue
affected Ubuntu 6.06 LTS and 10.10. (CVE-2010-1623)


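[Blogger] Penguin blog pet

2010/11/23 18:39:00 | 凍仁's Ubuntu Notes
I don't know when it started, but 凍仁 came to like penguins; there are even 4 stuffed penguins sitting next to the desktop computer at 凍仁's home, and a search with the keywords "penguin + sticky notes - Korea - clothes" turned up this soothing blog pet.

As for why the extra "-Korea"? That is because of the recent Korean taekwondo controversy at the Asian Games.

Source:
Blog pet: Penguin family - luckydenny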

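New Chewing Progress Report 8

2010/11/22 23:34:00 | Jserv's blog
"I would rather be the least of men with dreams and the desire to fulfill them than the greatest of men with no dreams and no desires." After finishing the evening's chores, with the keyboard still clattering, I recalled this famous saying of Kahlil Gibran. I remember experimenting with an iPaq ten years ago, running PocketLinux, marveling at the performance of a StrongARM core clocked as high as 200 MHz, and thinking how lucky I was; now the iPad, built on a 45 nm process and clocked at up to 1 GHz, can be seen everywhere, and I just feel that my mindset has not adjusted yet, even though I know this is the inevitable result of Moore's law. Software, however, has not progressed nearly as visibly. Chinese input methods can mostly be said to be "performing the same old tricks", and for someone who was intermittently modifying the Chewing input method program in 2001 and is still sporadically maintaining the code in 2010, it is hard not to feel some regret. Is input method development always the same old thing, forever reinventing the wheel? Not necessarily. As mentioned in the earlier post [Prototype of a handwriting version of the Chewing input method], as users gradually move to mobile devices, they need a design that is easy to write with and that lets the input method engine (that is, the "Language Engine" or "IM Engine") readily take part in the processing. Current smartphones, such as Android and iPhone, provide full-screen handwriting mechanisms, so a simple, easy-to-use solution along the lines of "why not recognize Zhuyin symbols directly and then feed them into the New Chewing input method engine for character prediction?" is quite feasible, and it also injects new development momentum. [New Chewing Progress Report 7] from two years ago discussed the current...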

USN-1018-1: OpenSSL vulnerability

2010/11/18 13:48:38 | Ubuntu security notices

Referenced CVEs: CVE-2010-3864

Description:

===========================================================
Ubuntu Security Notice USN-1018-1 November 18, 2010
openssl vulnerability
CVE-2010-3864
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
libssl0.9.8 0.9.8g-4ubuntu3.12

Ubuntu 9.10:
libssl0.9.8 0.9.8g-16ubuntu3.4

Ubuntu 10.04 LTS:
libssl0.9.8 0.9.8k-7ubuntu8.4

Ubuntu 10.10:
libssl0.9.8 0.9.8o-1ubuntu4.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

Details follow:

Rob Hulswit discovered a race condition in the OpenSSL TLS server
extension parsing code when used within a threaded server. A remote
attacker could trigger this flaw to cause a denial of service
or possibly execute arbitrary code with application privileges.
(CVE-2010-3864)