[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1163-1] apr-util security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : apr-util
Version        : 1.4.1-3+deb7u1
CVE ID         : CVE-2017-12618
Debian Bug     : #879996

It was discovered that there was an out-of-bounds read access in
apr-util, a support/portability library used by many applications.

A local user with write access to the database could have made a process
using these functions crash and thus cause a denial-of-service.

For Debian 7 "Wheezy", this issue has been fixed in apr-util version
1.4.1-3+deb7u1.

We recommend that you upgrade your apr-util packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAloA1nQACgkQHpU+J9Qx
Hlgn0A/+NAg5jHgkNf5CFfXWNyy0NqQjXAP9/hhwv5AqMHqOcu3dHLy0pzxZ/cFf
6i0tZyFTeqURL2D/H77PiAQC32KRx4SSw/3zYYGz3DTREay0jvSN1Ch7e7Ddk22c
iog0Sj95iE5+GSFYt+GUbHc/Z9h8wpYeSsTcxERIkMTqScTHk8/zxcmHpGbmn3iR
8RQYts94Hd/fbfXRzEs2u3Y2BTeg63u6h2AYD5DkDc82DTCcAZtsAtPNIZZ2GX1b
Wal3CasBlOjcU5hh4ThMFD0fio+IZ9Jau3VkyCKa8JfCKRQ0XcxS3STRO9Mmt+Ny
Jd3GFo+M+FzI9wcdyL0N3bKyHBFH1Xt6W6lHMGE2gi0ksnmDiwu20cDZE98SVOgg
NJ1Z3W+4j+JD3HkHm1dUMLsb/Cu9beiuZnnfPnoiuvam6zjG50nRs48wfUa3fpMK
12JsgSV2lMS8p82gUF6m+/Vgrb7O8ZQZMfstMSCN+r4okSwjJvD3XskVADo/vl4K
fENIfr1swgb513wLboJljqlKaHDi7h4jyCEka4cDP6g2PPLI5LKxlxN6O7LiXA9m
6l1zwN1fP2RInT009YPf6lQ5fgWDLjWzsyCW9aR5yk6VX3UXLJmdYnKh3SfhlsN8
AMpxw2N6eMWTQKv6IEm7MUu9xDuZw9I0XhcxRMqiQP9C12NiYnQ=
=g1lO
-----END PGP SIGNATURE-----
Reply to: