Advisories » MGASA-2017-0427

Updated apr-util packages fix security vulnerability

Publication date: 26 Nov 2017
Modification date: 26 Nov 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-12618

Description

Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to
validate the integrity of SDBM database files used by apr_sdbm*()
functions, resulting in a possible out of bound read access. A local
user with write access to the database can make a program or process
using these functions crash, and cause a denial of service
(CVE-2017-12618).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22054
• http://www.apache.org/dist/apr/Announcement1.x.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3Z2STTD6D27UYP6XERSJGSCPYXEZ7KN6/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12618

SRPMS

5/core

• apr-util-1.5.4-5.mga5

6/core

• apr-util-1.5.4-8.mga6