Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201710-33 ========================================= Severity: Low Date : 2017-10-27 CVE-ID : CVE-2017-12618 Package : apr-util Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-468 Summary ====== The package apr-util before version 1.6.1-1 is vulnerable to denial of service. Resolution ========= Upgrade to 1.6.1-1. # pacman -Syu "apr-util>=1.6.1-1" The problem has been fixed upstream in version 1.6.1. Workaround ========= None. Description ========== APR-util 1.6.0 and prior failed to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service. Impact ===== A local attacker with write access to the database can cause a denial of service. References ========= https://lists.apache.org/thread/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg=This email address is being protected from spambots. You need JavaScript enabled to view it. %3E https://security.archlinux.org/CVE-2017-12618