[USN-6770-1] Fossil regression
Ian Constantin
ian.constantin at canonical.com
Thu May 9 19:48:02 UTC 2024
==========================================================================
Ubuntu Security Notice USN-6770-1
May 09, 2024
fossil regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Fossil regression
Software Description:
- fossil: DSCM with built-in wiki, http interface and server, tickets datab
Details:
USN-6729-1 fixed vulnerabilities in Apache HTTP Server. The
update lead to the discovery of a regression in Fossil with
regards to the handling of POST requests that do not have a
Content-Length field set. This update fixes the problem.
We apologize for the inconvenience.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
fossil 1:2.23-1ubuntu0.1
Ubuntu 23.10
fossil 1:2.22-1ubuntu0.1
Ubuntu 22.04 LTS
fossil 1:2.18-1ubuntu0.1
Ubuntu 20.04 LTS
fossil 1:2.10-1ubuntu0.1
Ubuntu 18.04 LTS
fossil 1:2.5-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
fossil 1:1.33-3ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6770-1
https://launchpad.net/bugs/2064509
Package Information:
https://launchpad.net/ubuntu/+source/fossil/1:2.23-1ubuntu0.1
https://launchpad.net/ubuntu/+source/fossil/1:2.22-1ubuntu0.1
https://launchpad.net/ubuntu/+source/fossil/1:2.18-1ubuntu0.1
https://launchpad.net/ubuntu/+source/fossil/1:2.10-1ubuntu0.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20240509/6e448121/attachment-0001.sig>
More information about the ubuntu-security-announce
mailing list