httpd24-apr-1.5.1-1.AXS4.1
エラータID: AXSA:2018-2580:01
The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines.
Security Fix(es):
* An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)
CVE-2017-12613
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with
an invalid month field value in Apache Portable Runtime APR 1.6.2 and
prior, out of bounds memory may be accessed in converting this value
to an apr_time_exp_t value, potentially revealing the contents of a
different static heap value or resulting in program termination, and
may represent an information disclosure or denial of service
vulnerability to applications which call these APR functions with
unvalidated external input.
Update packages.
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.
N/A
SRPMS
- httpd24-apr-1.5.1-1.AXS4.1.src.rpm
MD5: 2af809e6aec7a4d569cc4896a95d725c
SHA-256: a59ddcdf9abfac571e280257ad5c7a37cea0899d016bd44d2ee8e85f2dd0c8b3
Size: 821.37 kB
Asianux Server 4 for x86_64
- httpd24-apr-1.5.1-1.AXS4.1.x86_64.rpm
MD5: 564de43e2177f14a452e84f6cb006eff
SHA-256: a24bc8abce73ae0ae5a909bacbd01b9080c687d1a7faa1fee6e267f1dc135536
Size: 102.28 kB - httpd24-apr-devel-1.5.1-1.AXS4.1.x86_64.rpm
MD5: 04b7c2b015d1369856bf6e078fad26b6
SHA-256: b0534fadb84d8da3949c51d08b1359218555c57edbc93dd0f23b57c3d4bf60f1
Size: 184.08 kB