Synopsis: Moderate: apr-util security update Issue date: 2010-12-07 CVE Names: CVE-2010-1623 It was found that certain input could cause the apr-util library to allocate more memory than intended in the apr_brigade_split_line() function. An attacker able to provide input in small chunks to an application using the apr-util library (such as httpd) could possibly use this flaw to trigger high memory consumption. (CVE-2010-1623) Applications using the apr-util library, such as httpd, must be restarted for this update to take effect. SL 4.x SRPMS: apr-util-0.9.4-22.el4_8.3.src.rpm i386: apr-util-0.9.4-22.el4_8.3.i386.rpm apr-util-devel-0.9.4-22.el4_8.3.i386.rpm x86_64: apr-util-0.9.4-22.el4_8.3.x86_64.rpm apr-util-devel-0.9.4-22.el4_8.3.x86_64.rpm SL 5.x SRPMS: apr-util-1.2.7-11.el5_5.2.src.rpm i386: apr-util-1.2.7-11.el5_5.2.i386.rpm apr-util-devel-1.2.7-11.el5_5.2.i386.rpm apr-util-docs-1.2.7-11.el5_5.2.i386.rpm apr-util-mysql-1.2.7-11.el5_5.2.i386.rpm x86_64: apr-util-1.2.7-11.el5_5.2.i386.rpm apr-util-1.2.7-11.el5_5.2.x86_64.rpm apr-util-devel-1.2.7-11.el5_5.2.i386.rpm apr-util-devel-1.2.7-11.el5_5.2.x86_64.rpm apr-util-docs-1.2.7-11.el5_5.2.x86_64.rpm apr-util-mysql-1.2.7-11.el5_5.2.x86_64.rpm -Connie Sieh -Troy Dawson