apr-1.4.8-3.el7.1

エラータID: AXSA:2017-2425:01

Release date: 
Monday, December 4, 2017 - 17:03
Subject: 
apr-1.4.8-3.el7.1
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines.

Security Fix(es):

* An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)

CVE-2017-12613
When apr_exp_time*() or apr_os_exp_time*() functions are invoked with
an invalid month field value in Apache Portable Runtime APR 1.6.2 and
prior, out of bounds memory may be accessed in converting this value
to an apr_time_exp_t value, potentially revealing the contents of a
different static heap value or resulting in program termination, and
may represent an information disclosure or denial of service
vulnerability to applications which call these APR functions with
unvalidated external input.

Solution: 

Update packages.

CVEs: 
CVE-2017-12613
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.
Additional Info: 

N/A

Download: 

SRPMS
  1. apr-1.4.8-3.el7.1.src.rpm
    MD5: 80f8f585920c7e0114a4b4851cc701b8
    SHA-256: cf22ed077f235a642c1c344fc5825237350c6d071ea40f5c6b68c2506c7fbf96
    Size: 777.38 kB

Asianux Server 7 for x86_64
  1. apr-1.4.8-3.el7.1.x86_64.rpm
    MD5: 32eb73262bec0f6e548bf49a3b2585a3
    SHA-256: 34a96baacdbe722fef8ab0f5c677261d9c1f4cb20653abad20bbe1d749860e0e
    Size: 102.34 kB
  2. apr-devel-1.4.8-3.el7.1.x86_64.rpm
    MD5: 00c4fb9408a0cfd5da1ec86460892359
    SHA-256: e836451194e7e21ae550d189ce12b595fb5cdab31980560d233785be11bb9566
    Size: 187.21 kB
  3. apr-1.4.8-3.el7.1.i686.rpm
    MD5: 1a6bb8e44920b9b067f95899f7613d3f
    SHA-256: 6a992234111beaf41c9bdb2fe4f728723f118fc83dc25fb30c11ca0af3804ceb
    Size: 106.93 kB
  4. apr-devel-1.4.8-3.el7.1.i686.rpm
    MD5: dfe5b7e5df9646a62faca854d774f221
    SHA-256: ba01b5003801d7b4365ef3ca9326853457733555cfb8c1445f984cd9f4aa4797
    Size: 187.29 kB