apr-1.3.9-5.AXS4.1

エラータID: AXSA:2017-2427:01

Release date: 
Monday, December 4, 2017 - 17:29
Subject: 
apr-1.3.9-5.AXS4.1
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines.

Security Fix(es):

* An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)

CVE-2017-12613
When apr_exp_time*() or apr_os_exp_time*() functions are invoked with
an invalid month field value in Apache Portable Runtime APR 1.6.2 and
prior, out of bounds memory may be accessed in converting this value
to an apr_time_exp_t value, potentially revealing the contents of a
different static heap value or resulting in program termination, and
may represent an information disclosure or denial of service
vulnerability to applications which call these APR functions with
unvalidated external input.

Solution: 

Update packages.

CVEs: 
CVE-2017-12613
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.
Additional Info: 

N/A

Download: 

SRPMS
  1. apr-1.3.9-5.AXS4.1.src.rpm
    MD5: b33056692262ce1fd6eb2c5d43fe9325
    SHA-256: e3f9dc0c18292e55a2a1fd0693c2fde29c8f26c675a78a226b8b0675775b78af
    Size: 936.13 kB

Asianux Server 4 for x86
  1. apr-1.3.9-5.AXS4.1.i686.rpm
    MD5: 926ec313b6511acd67e5902fe4d5a1dd
    SHA-256: ea5c62867adb9ea34635e1589e6d26c4b9355ec64b9534972bd8b27b2108daac
    Size: 128.81 kB
  2. apr-devel-1.3.9-5.AXS4.1.i686.rpm
    MD5: 1f63840fed32c44d9c5a83c08041725e
    SHA-256: 9038eaccd03f673e399d4b96c3ce6e84603faebc1dadab359341532288cf07c5
    Size: 175.80 kB

Asianux Server 4 for x86_64
  1. apr-1.3.9-5.AXS4.1.x86_64.rpm
    MD5: d8ac1df4ea5979db16579fde6c0ba5c4
    SHA-256: 61ffa992718a05e9ca4d29602ff10eb80de3094d3b8e21151d93ac7b9e172032
    Size: 122.64 kB
  2. apr-devel-1.3.9-5.AXS4.1.x86_64.rpm
    MD5: 01c81fb0f145e7f627c347278079713c
    SHA-256: c4c6058dce67f8120cc34f1522064720cac4180c0323103999e8250276f665c6
    Size: 175.34 kB
  3. apr-1.3.9-5.AXS4.1.i686.rpm
    MD5: 926ec313b6511acd67e5902fe4d5a1dd
    SHA-256: ea5c62867adb9ea34635e1589e6d26c4b9355ec64b9534972bd8b27b2108daac
    Size: 128.81 kB
  4. apr-devel-1.3.9-5.AXS4.1.i686.rpm
    MD5: 1f63840fed32c44d9c5a83c08041725e
    SHA-256: 9038eaccd03f673e399d4b96c3ce6e84603faebc1dadab359341532288cf07c5
    Size: 175.80 kB