SCIENTIFIC-LINUX-ERRATA Archives

December 2010

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: apr-util on SL4.x, SL5.x i386/x86_64
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Wed, 8 Dec 2010 13:25:29 -0600
Content-Type:
text/plain
Parts/Attachments:
text/plain (44 lines) 
Synopsis:	Moderate: apr-util security update
Issue date:	2010-12-07
CVE Names:	CVE-2010-1623

It was found that certain input could cause the apr-util library to
allocate more memory than intended in the apr_brigade_split_line()
function. An attacker able to provide input in small chunks to an
application using the apr-util library (such as httpd) could possibly 
use this flaw to trigger high memory consumption. (CVE-2010-1623)

Applications using the apr-util library, such as httpd, must be 
restarted for this update to take effect.

SL 4.x

      SRPMS:
apr-util-0.9.4-22.el4_8.3.src.rpm
      i386:
apr-util-0.9.4-22.el4_8.3.i386.rpm
apr-util-devel-0.9.4-22.el4_8.3.i386.rpm
      x86_64:
apr-util-0.9.4-22.el4_8.3.x86_64.rpm
apr-util-devel-0.9.4-22.el4_8.3.x86_64.rpm

SL 5.x

      SRPMS:
apr-util-1.2.7-11.el5_5.2.src.rpm
      i386:
apr-util-1.2.7-11.el5_5.2.i386.rpm
apr-util-devel-1.2.7-11.el5_5.2.i386.rpm
apr-util-docs-1.2.7-11.el5_5.2.i386.rpm
apr-util-mysql-1.2.7-11.el5_5.2.i386.rpm
      x86_64:
apr-util-1.2.7-11.el5_5.2.i386.rpm
apr-util-1.2.7-11.el5_5.2.x86_64.rpm
apr-util-devel-1.2.7-11.el5_5.2.i386.rpm
apr-util-devel-1.2.7-11.el5_5.2.x86_64.rpm
apr-util-docs-1.2.7-11.el5_5.2.x86_64.rpm
apr-util-mysql-1.2.7-11.el5_5.2.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2