Date: Tue, 11 Aug 2009 14:33:44 -0500
Synopsis: Moderate: apr and apr-util security update
Issue date: 2009-08-10
CVE Names: CVE-2009-2412

CVE-2009-2412 apr, apr-util: Integer overflows in memory pool (apr) and
relocatable memory (apr-util) management

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the way the Apache Portable Runtime (APR) manages memory
pool and relocatable memory allocations. An attacker could use these
flaws to issue a specially-crafted request for memory allocation, which
would lead to a denial of service (application crash) or, potentially,
execute arbitrary code with the privileges of an application using the
APR libraries. (CVE-2009-2412)

Applications using the APR libraries, such as httpd, must be restarted
for this update to take effect.

SL 4.x
SRPMS:
apr-0.9.4-24.9.el4_8.2.src.rpm
apr-util-0.9.4-22.el4_8.2.src.rpm
i386:
apr-0.9.4-24.9.el4_8.2.i386.rpm
apr-devel-0.9.4-24.9.el4_8.2.i386.rpm
apr-util-0.9.4-22.el4_8.2.i386.rpm
apr-util-devel-0.9.4-22.el4_8.2.i386.rpm
x86_64:
apr-0.9.4-24.9.el4_8.2.i386.rpm
apr-0.9.4-24.9.el4_8.2.x86_64.rpm
apr-devel-0.9.4-24.9.el4_8.2.x86_64.rpm
apr-util-0.9.4-22.el4_8.2.x86_64.rpm
apr-util-devel-0.9.4-22.el4_8.2.x86_64.rpm

SL 5.x
SRPMS:
apr-1.2.7-11.el5_3.1.src.rpm
apr-util-1.2.7-7.el5_3.2.src.rpm
i386:
apr-1.2.7-11.el5_3.1.i386.rpm
apr-devel-1.2.7-11.el5_3.1.i386.rpm
apr-docs-1.2.7-11.el5_3.1.i386.rpm
apr-util-1.2.7-7.el5_3.2.i386.rpm
apr-util-devel-1.2.7-7.el5_3.2.i386.rpm
apr-util-docs-1.2.7-7.el5_3.2.i386.rpm
x86_64:
apr-1.2.7-11.el5_3.1.i386.rpm
apr-1.2.7-11.el5_3.1.x86_64.rpm
apr-devel-1.2.7-11.el5_3.1.i386.rpm
apr-devel-1.2.7-11.el5_3.1.x86_64.rpm
apr-docs-1.2.7-11.el5_3.1.x86_64.rpm
apr-util-1.2.7-7.el5_3.2.i386.rpm
apr-util-1.2.7-7.el5_3.2.x86_64.rpm
apr-util-devel-1.2.7-7.el5_3.2.i386.rpm
apr-util-devel-1.2.7-7.el5_3.2.x86_64.rpm
apr-util-docs-1.2.7-7.el5_3.2.x86_64.rpm

-Connie Sieh
-Troy Dawson
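
One way to check the restart requirement stated in the advisory, as an added example that is not part of the original message: after the packages are upgraded, a process that was not restarted still maps the old library file, which Linux marks as `(deleted)` in `/proc/<pid>/maps`. The function names and the script name are hypothetical, and the library naming (`libapr-N.so*`, `libaprutil-N.so*`) is an assumption about how the apr and apr-util packages name their shared objects.

```sh
#!/bin/sh
# Added example: list processes that still map a pre-update copy of the APR
# libraries and so have not yet been restarted after the package upgrade.

# stale_apr_maps (hypothetical name): reads /proc/<pid>/maps lines on stdin
# and prints each distinct libapr/libaprutil path mapped from an unlinked file.
stale_apr_maps() {
    awk '
        # maps fields: address perms offset dev inode pathname ["(deleted)"]
        $NF == "(deleted)" && $(NF-1) ~ /\/libapr(util)?-[0-9]+\.so/ {
            if (!seen[$(NF-1)]++) print $(NF-1)
        }'
}

# scan_procs (hypothetical name): walks a proc tree (default /proc) and prints
# "pid name library" per stale mapping. Returns 1 if any was found, else 0.
scan_procs() {
    proc_root=${1:-/proc}
    found=0
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # exited process or no permission
        hits=$( { stale_apr_maps < "$maps"; } 2>/dev/null ) || continue
        [ -n "$hits" ] || continue
        pid=${maps%/maps}; pid=${pid##*/}
        # status has a Name: line even on kernels without /proc/<pid>/comm
        name=$(sed -n 's/^Name:[[:space:]]*//p' "$proc_root/$pid/status" 2>/dev/null)
        for lib in $hits; do
            printf '%s %s %s\n' "$pid" "${name:-?}" "$lib"
        done
        found=1
    done
    return "$found"
}

# Run as root so every process is visible:  sh check-apr-restart.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_procs /proc
fi
```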