apr-util-1.2.7-7AXS3.1
Errata ID: AXSA:2009-69:01
Release date:
2009/06/18 Thursday - 14:42
Title:
apr-util-1.2.7-7AXS3.1
Affected channels:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
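The following issues have been addressed.
[Security Fix]
- The apr_strmatch_precompile function in Apache APR-util has a vulnerability that allows remote attackers to cause a denial of service (daemon crash) via crafted files or input from applications. (CVE-2009-0023)
- The expat XML parser in Apache APR-util has a vulnerability that allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document. (CVE-2009-1955)
- The Apache apr_brigade_vprintf function has an off-by-one error on big-endian platforms that allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input. (CVE-2009-1956)
Solution:
Update the packages.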
CVE:
CVE-2009-0023
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
CVE-2009-1955
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
CVE-2009-1956
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
Additional information:
N/A
Downloads:
SRPMS
- apr-util-1.2.7-7AXS3.1.src.rpm
MD5: d8903dc666d6e37cc796e0f4d28bf553
SHA-256: 74c84f9cdfec3f29509467ffd2d42ccba4a1ef045c66e4c898cabf50e9acfea1
Size: 638.50 kB
Asianux Server 3 for x86
- apr-util-1.2.7-7AXS3.1.i386.rpm
MD5: e8b491aa582ca40c5b696dc4fd49cc20
SHA-256: 1b91e1d7b83cc61f268c9d69486474a5eacdab593e264fd772e8aaf017191834
Size: 76.06 kB
- apr-util-devel-1.2.7-7AXS3.1.i386.rpm
MD5: ed6f827aa511d4af835dcb8be1a8ff68
SHA-256: 80e2f5500cbe95acf5cc58ee523cffd977b49202c65718819bf536357a56201b
Size: 54.94 kB
Asianux Server 3 for x86_64
- apr-util-1.2.7-7AXS3.1.x86_64.rpm
MD5: 3c7b9711844db7f028605130c6f3badb
SHA-256: ee409177a3c6841b15efc4fedcc3b7e63a316bcb79a9a9dcfab018541c565476
Size: 73.63 kB
- apr-util-devel-1.2.7-7AXS3.1.x86_64.rpm
MD5: c097f6287694233dfe28884ef51a95f1
SHA-256: 33bc2e336811a2952d48de6d9381a27e15d0928137d8f70030d76fea97b09dbd
Size: 55.10 kB