CVE-2012-0031

Published: 18 January 2012

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.

Priority

Status

Package	Release	Status
apache2 Launchpad, Ubuntu, Debian	hardy	Released (2.2.8-1ubuntu0.23)
	lucid	Released (2.2.14-5ubuntu8.8)
	maverick	Released (2.2.16-1ubuntu3.5)
	natty	Released (2.2.17-1ubuntu1.5)
	oneiric	Released (2.2.20-1ubuntu1.2)
	upstream	Needs triage
	Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1230065 upstream: http://svn.apache.org/viewvc?view=revision&revision=1231058

References

http://www.halfdog.net/Security/2011/ApacheScoreboardInvalidFreeOnShutdown/
https://ubuntu.com/security/notices/USN-1368-1
https://www.cve.org/CVERecord?id=CVE-2012-0031
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.