Debian 7 Critical: DLA-1162-1 Apr Out-Of-Bounds Memory Issue
debian lts
November 6, 2017
It was discovered that there was an out-of-bounds memory vulnerability in apr, a support/portability library for various applications
Topics Covered
Summary
When the apr_exp_time*() or apr_os_exp_time*() functions were invoked
with an invalid month field value, out of bounds memory may have been be
accessed when converting this value to an apr_time_exp_t value. This
could have potentially revealed the contents of a different static heap
value or resulted in program termination.
For Debian 7 "Wheezy", this issue has been fixed in apr version
1.4.6-3+deb7u2.
We recommend that you upgrade your apr packages.
Regards,
- --
,'`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: apr
Version: 1.4.6-3+deb7u2
CVE ID: CVE-2017-12613
Debian Bug: #879708
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!