Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora Core 1: FEDORA-2004-307 Moderate: apr-util Input Issue

fedora
Calendar Grey September 16, 2004
Dist Fedora Esm H88
Fedora Core 2 has released a patch for the libxml library, addressing a security issue that could cause application failures when processing malicious XML documents.
Testing using the Codenomicon HTTP Test Tool performed by the ApacheSoftware Foundation security group and Red Hat uncovered an inputvalidation issue in the IPv6 URI parsing routin...

Summary

The mission of the Apache Portable Runtime (APR) is to provide a

free library of C data structures and routines. This library

contains additional utility interfaces for APR; including support

for XML, LDAP, database interfaces, URI parsing and more.

Update Information:

Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child process could be made to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0786 to this issue.

This update includes a backported patch for this issue.

* Wed Sep 15 2004 Joe Orton <jorton@redhat.com> 0.9.4-2.1

- add security fix for CAN-2004-0786 - add fix for SHA1 password support

This update can be downloaded from:


a20b967ffa4e004ba2c24ae6f6d0285b SRPMS/apr-util-0.9.4-2.1.src.rpm 51a0579a62f8a8883946b88863aec3d0 x86_64/apr-util-0.9.4-2.1.x86_64.rpm 814f6f5290b802b1997da32c569034c1 x86_64/apr-util-devel-0.9.4-2.1.x86_64.rpm 0344e8181664d9e6b37bc298fe79cc95 x86_64/debug/apr-util-debuginfo-0.9.4-2.1.x86_64.rpm 6d8df3d6e25c851161e1...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate network security Fedora input validation apr-util

Change Log

References

Fedora Update Notification FEDORA-2004-307 2004-09-16
Product : Fedora Core 1 Name : apr-util Version : 0.9.4 Release : 2.1 Summary : Apache Portable Runtime Utility library Description : The mission of the Apache Portable Runtime (APR) is to provide a free library of C data structures and routines. This library contains additional utility interfaces for APR; including support for XML, LDAP, database interfaces, URI parsing and more.

Update Instructions

Product: Fedora Core 1
Name: apr-util
Version: 0.9.4
Release: 2.1
Summary: Apache Portable Runtime Utility library

Topics%20covered

Topics Covered

security advisory moderate network security Fedora input validation apr-util

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here