lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1NGNiC-0005mO-Ar@titan.mandriva.com>
Date: Fri, 04 Dec 2009 03:16:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:314 ] apr


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:314
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : apr
 Date    : December 4, 2009
 Affected: 2008.0
 _______________________________________________________________________

 Problem Description:

 Multiple security vulnerabilities has been identified and fixed in
 apr and apr-util:
 
 Multiple integer overflows in the Apache Portable Runtime (APR)
 library and the Apache Portable Utility library (aka APR-util)
 0.9.x and 1.3.x allow remote attackers to cause a denial of service
 (application crash) or possibly execute arbitrary code via vectors that
 trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc
 function in memory/unix/apr_pools.c in APR; or crafted calls to
 the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc
 function in misc/apr_rmm.c in APR-util; leading to buffer overflows.
 NOTE: some of these details are obtained from third party information
 (CVE-2009-2412).
 
 The apr_strmatch_precompile function in strmatch/apr_strmatch.c in
 Apache APR-util before 1.3.5 allows remote attackers to cause a denial
 of service (daemon crash) via crafted input involving (1) a .htaccess
 file used with the Apache HTTP Server, (2) the SVNMasterURI directive
 in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2
 module for the Apache HTTP Server, or (4) an application that uses
 the libapreq2 library, related to an underflow flaw. (CVE-2009-0023).
 
 The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in
 Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn
 modules in the Apache HTTP Server, allows remote attackers to
 cause a denial of service (memory consumption) via a crafted XML
 document containing a large number of nested entity references, as
 demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564
 (CVE-2009-1955).
 
 Off-by-one error in the apr_brigade_vprintf function in Apache APR-util
 before 1.3.5 on big-endian platforms allows remote attackers to obtain
 sensitive information or cause a denial of service (application crash)
 via crafted input (CVE-2009-1956).
 
 Packages for 2008.0 are being provided due to extended support for
 Corporate products.
 
 The updated packages have been patched to prevent this.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 d55d5dd456de0c7977f93bff217406d7  2008.0/i586/apr-util-dbd-mysql-1.2.10-1.1mdv2008.0.i586.rpm
 bd02eb2233dcc07aadd7e5eb84df9ce8  2008.0/i586/apr-util-dbd-pgsql-1.2.10-1.1mdv2008.0.i586.rpm
 334e127fb8ac03379c8a5f2ee7c144b6  2008.0/i586/apr-util-dbd-sqlite3-1.2.10-1.1mdv2008.0.i586.rpm
 4307983fb3d21ab0f9955711e116f92e  2008.0/i586/libapr1-1.2.11-1.1mdv2008.0.i586.rpm
 ff24f1e1587f2210346ea134d4a2053e  2008.0/i586/libapr-devel-1.2.11-1.1mdv2008.0.i586.rpm
 3d50a85109e011ced9e36f1565e9bc69  2008.0/i586/libapr-util1-1.2.10-1.1mdv2008.0.i586.rpm
 b786e2329fc63d459b841bf001261543  2008.0/i586/libapr-util-devel-1.2.10-1.1mdv2008.0.i586.rpm 
 6ef7669ea3d0db3dbaed35f35ae2dbdc  2008.0/SRPMS/apr-1.2.11-1.1mdv2008.0.src.rpm
 1a923fc9c2f912ef339b942a59bff4e6  2008.0/SRPMS/apr-util-1.2.10-1.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 91588bbcf3940cd106b0fe458be6d4b9  2008.0/x86_64/apr-util-dbd-mysql-1.2.10-1.1mdv2008.0.x86_64.rpm
 b71d8b14cc536cf8a2448b353d2b4047  2008.0/x86_64/apr-util-dbd-pgsql-1.2.10-1.1mdv2008.0.x86_64.rpm
 10b889bb625dbae01711ed7e8e101744  2008.0/x86_64/apr-util-dbd-sqlite3-1.2.10-1.1mdv2008.0.x86_64.rpm
 068334fc392c68f9b29e629dd3776f83  2008.0/x86_64/lib64apr1-1.2.11-1.1mdv2008.0.x86_64.rpm
 a9ed011d8b421e8604e66a87a4972477  2008.0/x86_64/lib64apr-devel-1.2.11-1.1mdv2008.0.x86_64.rpm
 c08da53c4c88464249f46c6577f3c2a8  2008.0/x86_64/lib64apr-util1-1.2.10-1.1mdv2008.0.x86_64.rpm
 4b1b86a3e07f4b87a1a53f0dbaaa3aff  2008.0/x86_64/lib64apr-util-devel-1.2.10-1.1mdv2008.0.x86_64.rpm 
 6ef7669ea3d0db3dbaed35f35ae2dbdc  2008.0/SRPMS/apr-1.2.11-1.1mdv2008.0.src.rpm
 1a923fc9c2f912ef339b942a59bff4e6  2008.0/SRPMS/apr-util-1.2.10-1.1mdv2008.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLGEWRmqjQ0CJFipgRAsWiAJ9LbNZNAkUIxWbq84aERpTacFEJPACg0xgy
wuYdtSQeV/bOOP7w17qo2V0=
=V8dA
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ