Synopsis:	Moderate: apr-util security update
Issue date:	2010-12-07
CVE Names:	CVE-2010-1623

It was found that certain input could cause the apr-util library to
allocate more memory than intended in the apr_brigade_split_line()
function. An attacker able to provide input in small chunks to an
application using the apr-util library (such as httpd) could possibly 
use this flaw to trigger high memory consumption. (CVE-2010-1623)

Applications using the apr-util library, such as httpd, must be 
restarted for this update to take effect.

SL 4.x

      SRPMS:
apr-util-0.9.4-22.el4_8.3.src.rpm
      i386:
apr-util-0.9.4-22.el4_8.3.i386.rpm
apr-util-devel-0.9.4-22.el4_8.3.i386.rpm
      x86_64:
apr-util-0.9.4-22.el4_8.3.x86_64.rpm
apr-util-devel-0.9.4-22.el4_8.3.x86_64.rpm

SL 5.x

      SRPMS:
apr-util-1.2.7-11.el5_5.2.src.rpm
      i386:
apr-util-1.2.7-11.el5_5.2.i386.rpm
apr-util-devel-1.2.7-11.el5_5.2.i386.rpm
apr-util-docs-1.2.7-11.el5_5.2.i386.rpm
apr-util-mysql-1.2.7-11.el5_5.2.i386.rpm
      x86_64:
apr-util-1.2.7-11.el5_5.2.i386.rpm
apr-util-1.2.7-11.el5_5.2.x86_64.rpm
apr-util-devel-1.2.7-11.el5_5.2.i386.rpm
apr-util-devel-1.2.7-11.el5_5.2.x86_64.rpm
apr-util-docs-1.2.7-11.el5_5.2.x86_64.rpm
apr-util-mysql-1.2.7-11.el5_5.2.x86_64.rpm

-Connie Sieh
-Troy Dawson