Paketname
apr
Datum
2009-08-06
Advisory ID
MDVSA-2009:195-1
Betroffene Versionen
MES5 i586 , MES5 x86_64

Problembeschreibung

A vulnerability has been identified and corrected in apr and apr-util:

Multiple integer overflows in the Apache Portable Runtime (APR)
library and the Apache Portable Utility library (aka APR-util)
0.9.x and 1.3.x allow remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via vectors that
trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc
function in memory/unix/apr_pools.c in APR; or crafted calls to
the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc
function in misc/apr_rmm.c in APR-util; leading to buffer overflows.
NOTE: some of these details are obtained from third party information
(CVE-2009-2412).

This update provides fixes for these vulnerabilities.

Update:

apr-util packages were missing for Mandriva Enterprise Server 5 i586,
this has been adressed with this update.

Aktualisierte Pakete

MES5 i586

 19ed152f311aaa740e498d204e611c87  mes5/i586/apr-util-dbd-freetds-1.3.4-2.3mdvmes5.i586.rpm
 1da16e622bc2aa6fac28b0a9a7c36b39  mes5/i586/apr-util-dbd-ldap-1.3.4-2.3mdvmes5.i586.rpm
 e9e56ac0cbd4316b1687c3e5bf66d3d3  mes5/i586/apr-util-dbd-mysql-1.3.4-2.3mdvmes5.i586.rpm
 fbfaeb1772eb0b22de4b4562f5601c50  mes5/i586/apr-util-dbd-odbc-1.3.4-2.3mdvmes5.i586.rpm
 6da57cdbe02238048ea6dc115a1ae744  mes5/i586/apr-util-dbd-pgsql-1.3.4-2.3mdvmes5.i586.rpm
 34beee246bc1206229975aba75776aa2  mes5/i586/apr-util-dbd-sqlite3-1.3.4-2.3mdvmes5.i586.rpm
 445b930503e3e8f15b220681e67c74b4  mes5/i586/libapr-util1-1.3.4-2.3mdvmes5.i586.rpm
 b53ec99a1242f3d0e31e4267090d4d69  mes5/i586/libapr-util-devel-1.3.4-2.3mdvmes5.i586.rpm 
 ddd3ba83c0f4f0a73954d1ca8b6926c4  mes5/SRPMS/apr-util-1.3.4-2.3mdvmes5.src.rpm

MES5 x86_64

 02e1b437a1451b205d726a804ecba70a  mes5/x86_64/apr-util-dbd-freetds-1.3.4-2.3mdvmes5.x86_64.rpm
 daa72432fd3545df890a2aa2ebeacc4e  mes5/x86_64/apr-util-dbd-ldap-1.3.4-2.3mdvmes5.x86_64.rpm
 5c6b4a74cf6df907a88d1474708ba96c  mes5/x86_64/apr-util-dbd-mysql-1.3.4-2.3mdvmes5.x86_64.rpm
 8cabe517448ab264870e9b786f58db88  mes5/x86_64/apr-util-dbd-odbc-1.3.4-2.3mdvmes5.x86_64.rpm
 4f49787251d7fac85d39535c82389a6a  mes5/x86_64/apr-util-dbd-pgsql-1.3.4-2.3mdvmes5.x86_64.rpm
 43c974a3636fd725d100332fd0b4f204  mes5/x86_64/apr-util-dbd-sqlite3-1.3.4-2.3mdvmes5.x86_64.rpm
 9f0a37e6b63384f216033c6f35975c09  mes5/x86_64/lib64apr-util1-1.3.4-2.3mdvmes5.x86_64.rpm
 99d7a7418d4250764773f6cbcc0ebd6c  mes5/x86_64/lib64apr-util-devel-1.3.4-2.3mdvmes5.x86_64.rpm 
 ddd3ba83c0f4f0a73954d1ca8b6926c4  mes5/SRPMS/apr-util-1.3.4-2.3mdvmes5.src.rpm

Referenzen