Slackware: 2023-032-01: apr Security Update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  apr (SSA:2023-032-01)

New apr packages are available for Slackware 15.0 and -current to
fix security issues.


Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/apr-1.7.2-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Integer Overflow or Wraparound vulnerability in apr_encode functions of
  Apache Portable Runtime (APR) allows an attacker to write beyond bounds
  of a buffer. (CVE-2022-24963)
  Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
  (This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
  later 1.6.x releases, but was missing in 1.7.0.) (CVE-2021-35940)
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-24963
    https://www.cve.org/CVERecord?id=CVE-2021-35940
    https://www.cve.org/CVERecord?id=CVE-2017-12613
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on https://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/apr-1.7.2-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/apr-1.7.2-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-1.7.2-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-1.7.2-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 15.0 package:
f27961f2a01dbddb9485c4ddd075f023  apr-1.7.2-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
328109881520f4758c0f435f33b1eee5  apr-1.7.2-x86_64-1_slack15.0.txz

Slackware -current package:
bdf0e548f53c8e2e8af46a6db145ad2e  l/apr-1.7.2-i586-1.txz

Slackware x86_64 -current package:
083b32601177fe6096858986c0ed194b  l/apr-1.7.2-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg apr-1.7.2-i586-1_slack15.0.txz


+-----+

Slackware: 2023-032-01: apr Security Update

February 1, 2023
New apr packages are available for Slackware 15.0 and -current to fix security issues

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/apr-1.7.2-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. (CVE-2022-24963) Restore fix for out-of-bounds array dereference in apr_time_exp*() functions. (This issue was addressed as CVE-2017-12613 in APR 1.6.3 and later 1.6.x releases, but was missing in 1.7.0.) (CVE-2021-35940) For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-24963 https://www.cve.org/CVERecord?id=CVE-2021-35940 https://www.cve.org/CVERecord?id=CVE-2017-12613 (* Security fix *)

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on https://slackware.com for additional mirror sites near you.
Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/apr-1.7.2-i586-1_slack15.0.txz
Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/apr-1.7.2-x86_64-1_slack15.0.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-1.7.2-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-1.7.2-x86_64-1.txz

MD5 Signatures

Slackware 15.0 package: f27961f2a01dbddb9485c4ddd075f023 apr-1.7.2-i586-1_slack15.0.txz
Slackware x86_64 15.0 package: 328109881520f4758c0f435f33b1eee5 apr-1.7.2-x86_64-1_slack15.0.txz
Slackware -current package: bdf0e548f53c8e2e8af46a6db145ad2e l/apr-1.7.2-i586-1.txz
Slackware x86_64 -current package: 083b32601177fe6096858986c0ed194b l/apr-1.7.2-x86_64-1.txz

Severity
[slackware-security] apr (SSA:2023-032-01)
New apr packages are available for Slackware 15.0 and -current to fix security issues.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg apr-1.7.2-i586-1_slack15.0.txz

Related News

Google Discloses CentOS Linux Kernel Vulnerabilities Following Failure to Issue Timely Fixes

Kali Linux 2023.1 Introduces 'Purple' Distro for Defensive Security

Companies Can’t Stop Using Open Source

8 Reasons Why Kali Linux is the Ultimate Operating System for Hackers

News

Advisories

HOWTOs

Features

Interview with Guardian Digital CEO Dave Wreski: Open Source Utilization in Email Security Solutions & More
Verifying Linux Server Security: What Every Admin Needs to Know
What Linux, Windows & Mac OS Users Need to Know About VPNs
Complete Guide to Vulnerability Basics
How To Get Live Updates on Critical Linux Security Advisories

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy