Synopsis: Moderate: apr-util security update
Issue date: 2010-12-07
CVE Names: CVE-2010-1623
It was found that certain input could cause the apr-util library to
allocate more memory than intended in the apr_brigade_split_line()
function. An attacker able to provide input in small chunks to an
application using the apr-util library (such as httpd) could possibly
use this flaw to trigger high memory consumption. (CVE-2010-1623)
Applications using the apr-util library, such as httpd, must be
restarted for this update to take effect.
SL 4.x
SRPMS:
apr-util-0.9.4-22.el4_8.3.src.rpm
i386:
apr-util-0.9.4-22.el4_8.3.i386.rpm
apr-util-devel-0.9.4-22.el4_8.3.i386.rpm
x86_64:
apr-util-0.9.4-22.el4_8.3.x86_64.rpm
apr-util-devel-0.9.4-22.el4_8.3.x86_64.rpm
SL 5.x
SRPMS:
apr-util-1.2.7-11.el5_5.2.src.rpm
i386:
apr-util-1.2.7-11.el5_5.2.i386.rpm
apr-util-devel-1.2.7-11.el5_5.2.i386.rpm
apr-util-docs-1.2.7-11.el5_5.2.i386.rpm
apr-util-mysql-1.2.7-11.el5_5.2.i386.rpm
x86_64:
apr-util-1.2.7-11.el5_5.2.i386.rpm
apr-util-1.2.7-11.el5_5.2.x86_64.rpm
apr-util-devel-1.2.7-11.el5_5.2.i386.rpm
apr-util-devel-1.2.7-11.el5_5.2.x86_64.rpm
apr-util-docs-1.2.7-11.el5_5.2.x86_64.rpm
apr-util-mysql-1.2.7-11.el5_5.2.x86_64.rpm
-Connie Sieh
-Troy Dawson