[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1162-1] apr security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : apr
Version        : 1.4.6-3+deb7u2
CVE ID         : CVE-2017-12613
Debian Bug     : #879708

It was discovered that there was an out-of-bounds memory vulnerability
in apr, a support/portability library for various applications.

When the apr_exp_time*() or apr_os_exp_time*() functions were invoked
with an invalid month field value, out of bounds memory may have been be
accessed when converting this value to an apr_time_exp_t value. This
could have potentially revealed the contents of a different static heap
value or resulted in program termination.

For Debian 7 "Wheezy", this issue has been fixed in apr version
1.4.6-3+deb7u2.

We recommend that you upgrade your apr packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAloAzDAACgkQHpU+J9Qx
HljHxRAAmPvNEHVkHiBdUsHuiAaxgH5TfxAj3GoTBxlwXKJO+Vn/iUg0vCE/meZR
jr4e1Uw20g+zyTkdX6WWZ0Klun/fL9pmo69plpCtiYMFGPvETc6msU/WC/emXZKW
OzMuxZlmkL+c3uGc6UTjgk4lWQC4GMwSyT/Iz6JuFl/IO4r5YI9RokK2DkMCf/AP
Q8EbLcly87noSbk5qBooiaBAFdpaiyRcG6fQViIfu5SB/RkaLjkVxLuQ7hjo8LYb
QuqQyY+/4TcS0UA8dXTnE+iIzDF6IqdXyzHCEfIRFw3rC6UqU6grY2qouBGaRXS/
DcKJX3c9caLzlzRixs63i7cix3DvpYYZ9wDwg6iQziOZ3Tu0TfMSXzh1SnXQHvaK
91NwgJjBxerq3MR03tEMd+pZPK4LuIxeLLD5NwRALsNb4J5xhL6k3nojEe2RdK4I
aelPzmb3b5kkRscb/rrafKUvUnfH1XPQlZ/jGYpcBhAuG3rUof0TYgECL21V/TAC
Zq8sHzhd2udxpjh7/9WD0CPJ6qJr8ZvjHJrJcXfI85aZUfuq9ziYEZGW8m6pA15d
U12Ow0XNxzKqdUCZz4B/w/Sx7nyPyPPon2hHNLh+PCnk3856E0VDlCsjkCDlyzau
jxDJLlsd/JXmtlUDKylyPHvud1dazoto+a4pbVhVYtBq7SeDaYU=
=ITm3
-----END PGP SIGNATURE-----
Reply to: