apr-1.2.7-11.AXS3.4

エラータID: AXSA:2011-195:01

Release date: 
Thursday, May 19, 2011 - 12:15
Subject: 
apr-1.2.7-11.AXS3.4
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

The mission of the Apache Portable Runtime (APR) is to provide a free library of C data structures and routines, forming a system portability layer to as many operating systems as possible, including Unices, MS Win32, BeOS and OS/2.
Security issues fixed with this release:
CVE-2011-0419
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

Solution: 

Update packages.

CVEs: 
CVE-2011-0419
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.


Additional Info: 

N/A

Download: 

SRPMS
  1. apr-1.2.7-11.AXS3.4.src.rpm
    MD5: d52c36c97f1bc70878f06cff13498050
    SHA-256: 513b2585136c426c99d15ad5747ecd61cffd7af704cde63bc73411259f4642fa
    Size: 1.08 MB

Asianux Server 3 for x86
  1. apr-1.2.7-11.AXS3.4.i386.rpm
    MD5: 1917234a59f4ebdc470421673fbb1088
    SHA-256: 009664a4dc6c1c7ed0542119988f867ce39fbb841b64e81b79b7d1d6a1cf1811
    Size: 124.47 kB
  2. apr-devel-1.2.7-11.AXS3.4.i386.rpm
    MD5: dbf680915fb7db220eaf8f9d6e6b1b89
    SHA-256: 7dabb11073330924df718a6999755fdafdfdaf454fb06600efed902f53faa6ac
    Size: 234.70 kB

Asianux Server 3 for x86_64
  1. apr-1.2.7-11.AXS3.4.x86_64.rpm
    MD5: e5d31b76ed1fc1b4497e63b7a42f1e89
    SHA-256: 7ef4a04fd7d5794c3f17ad7668b4a3b5ddc78f234b0d30e465769ef04534f905
    Size: 120.00 kB
  2. apr-devel-1.2.7-11.AXS3.4.x86_64.rpm
    MD5: fce7e484d2dc6c394f798951e745a905
    SHA-256: 98eac7c31e237275c3253c7a5733ae039cfc3c3e2a488743af46b063282d1109
    Size: 240.09 kB