USN-488-1: mod_perl vulnerability

18 July 2007

mod_perl vulnerability



Alex Solovey discovered that mod_perl did not correctly validate certain
regular expression matches. A remote attacker could send a specially
crafted request to a web application using mod_perl, causing the web
server to monopolize CPU resources. This could lead to a remote denial
of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 7.04
  • libapache2-mod-perl2 - 2.0.2-2.3ubuntu1
Ubuntu 6.10
  • libapache2-mod-perl2 - 2.0.2-2ubuntu1.6.10.1
Ubuntu 6.06
  • libapache2-mod-perl2 - 2.0.2-2ubuntu1.6.06.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.