apr-1.2.7-11AXS3.1

エラータID: AXSA:2009-372:01

Release date: 
Wednesday, August 19, 2009 - 12:34
Subject: 
apr-1.2.7-11AXS3.1
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

The mission of the Apache Portable Runtime (APR) is to provide a free library of C data structures and routines, forming a system portability layer to as many operating systems as possible, including Unices, MS Win32, BeOS and OS/2.
Fixed bugs:
CVE-2009-2412
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.

Solution: 

Update packages.
See also the following errata
apr-util-1.2.7-7AXS3.2 AXSA:2009-373:02

CVEs: 
CVE-2009-2412
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.


Additional Info: 

N/A

Download: 

SRPMS
  1. apr-1.2.7-11AXS3.1.src.rpm
    MD5: 683e45f2845680f5a6339cc518c0ed69
    SHA-256: 04a3365598600585f9cce85546232434db10d81e7c947e739d77b2b564234c79
    Size: 1.07 MB

Asianux Server 3 for x86
  1. apr-1.2.7-11AXS3.1.i386.rpm
    MD5: 16a90912de10f3f3c96294983820b4c8
    SHA-256: e83eb271fea056045916c82613d3cb3444c6144eb2921501e4fa52cf3fe419e3
    Size: 123.34 kB
  2. apr-devel-1.2.7-11AXS3.1.i386.rpm
    MD5: 710148e7427748ee7e1277eb15dacf8e
    SHA-256: 97d57c9def15ed9dd40f041606c6930e3adefb9fcb0efab797b464494cd735b0
    Size: 233.48 kB

Asianux Server 3 for x86_64
  1. apr-1.2.7-11AXS3.1.x86_64.rpm
    MD5: da39004562e1d636535f7d71c732024d
    SHA-256: 64eb06dc3f51c433f6f55b22350aaecc767b41590471f92e319080dca29979cf
    Size: 118.71 kB
  2. apr-devel-1.2.7-11AXS3.1.x86_64.rpm
    MD5: ce79814d76296aea821108a78a98a00b
    SHA-256: c4118dbd7767023b5fca091e07e346faf50ea2d438f3064fdb40cb96a3e7d293
    Size: 238.68 kB