Does the Apache vulnerability CVE-2012-0883 affect Ubuntu? Have tried searching for it at ubuntu.com but with no hits.
I note that Ubuntu releases an Ubuntu Security Notice (USN) when it issues an update for the vulnerability e.g. USN-1627-1 for CVE-2012-2687 and CVE-2012-4929. However I cannot find any corresponding USN for CVE-2012-0883 although I did find this:
http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0883.html
And if Ubuntu is not affected by the vulnerability, what version of Apache contains the fix?
Best Answer
It's clearly written in the page you have linked:
Also, in the same page, there's written:
And if you look at the changelog included in the bug you can see:
This means that the bug has been fixed in Debian since version 2.0.52.
Last but not least, if you look at your
/etc/apache2/envvars
or/usr/share/apache2/build/envvars-std
, you'll see that they don't contain any maliciousLD_LIBRARY_PATH
.