Fedora Update Notification

Product     : Fedora Core 1
Name        : apr-util
Version     : 0.9.4
Release     : 2.1
Summary     : Apache Portable Runtime Utility library
Description :
The mission of the Apache Portable Runtime (APR) is to provide a
free library of C data structures and routines.  This library
contains additional utility interfaces for APR; including support
for XML, LDAP, database interfaces, URI parsing and more.

Update Information:

Testing using the Codenomicon HTTP Test Tool performed by the Apache
Software Foundation security group and Red Hat uncovered an input
validation issue in the IPv6 URI parsing routines in the apr-util
library.  If a remote attacker sent a request including a carefully
crafted URI, an httpd child process could be made to crash.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0786 to this issue.

This update includes a backported patch for this issue.

* Wed Sep 15 2004 Joe Orton <[email protected]> 0.9.4-2.1

- add security fix for CAN-2004-0786
- add fix for SHA1 password support

This update can be downloaded from:

a20b967ffa4e004ba2c24ae6f6d0285b  SRPMS/apr-util-0.9.4-2.1.src.rpm
51a0579a62f8a8883946b88863aec3d0  x86_64/apr-util-0.9.4-2.1.x86_64.rpm
814f6f5290b802b1997da32c569034c1  x86_64/apr-util-devel-0.9.4-2.1.x86_64.rpm
0344e8181664d9e6b37bc298fe79cc95  x86_64/debug/apr-util-debuginfo-0.9.4-2.1.x86_64.rpm
6d8df3d6e25c851161e1865f96eab6b4  i386/apr-util-0.9.4-2.1.i386.rpm
bcf23f81f50ff80b3fff315b1a6aff92  i386/apr-util-devel-0.9.4-2.1.i386.rpm
ea3b514f7544b0eef8deacf1b4e57a62  i386/debug/apr-util-debuginfo-0.9.4-2.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.

fedora-announce-list mailing list
[email protected]