Stay Secure with the Latest Linux Advisories

security advisoryslackwarememory leak

Slackware: 2011-041-01 Moderate: Apr-Util Memory Leak DoS

New apr and apr-util packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] apr-util (SSA:2011-041-01) New apr and apr-util packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue. Here are the details from the Slackware 13.1 ChangeLog: +--------------------------+ patches/packages/apr-1.3.12-i486-1_slack13.1.txz: Upgraded. patches/packages/apr-util-1.3.10-i486-1_slack13.1.txz: Upgraded. Fixes a memory leak and DoS in apr_brigade_split_line(). For more information, see: https://www.cve.org/CVERecord?id=CVE-2010-1623 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com. Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated packages for Slackware 11.0: Updated packages for Slackware 12.0: Updated packages for Slackware 12.1: Updated packages for Slackware 12.2: Updated packages for Slackware 13.0: Updated packages for Slackware x86_64 13.0: Updated packages for Slackware 13.1: Updated packages for Slackware x86_64 13.1: Updated packages for Slackware -current: Updated packages for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 11.0 packages: d724ccd735abebd3ec0ddc41154803b6 apr-1.3.12-i486-1_slack11.0.tgz c6d97147a14b7cb43de15e54fff159fe apr-util-1.3.10-i486-1_slack11.0.tgz Slackware 12.0 packages: 8e5b7eceb188fd64ad50c9fa742594a5 apr-1.3.12-i486-1_slack12.0.tgz 5a3fe95b0424eb6f782bfc28f5516281 apr-util-1.3.10-i486-1_slack12.0.tgz Slackware 12.1 packages: 5ffe32fd53dde31e8db44693af107f61 apr-1.3.12-i486-1_slack12.1.tgz 39a53d8e55fe639218ebb86a0a018f63 apr-util-1.3.10-i486-1_slack12.1.tgz Slackware 12.2 packages: 4ca502241f391c9fc788d928ac5a702d apr-1.3.12-i486-1_slack12.2.tgz fcf7f18345395b678118d6359f419a08 apr-util-1.3.10-i486-1_slack12.2.tgz Slackware 13.0 packages: 87339cd0627fe6f15caa30e42e72b3e3 apr-1.3.12-i486-1_slack13.0.txz a1cd10e18a966359839085c6183f5838 apr-util-1.3.10-i486-1_slack13.0.txz Slackware x86_64 13.0 packages: d495d1b6a9a20bf06cbed9caa334c6be apr-1.3.12-x86_64-1_slack13.0.txz 04c4aaa42f2e0e176d95674a77ff319c apr-util-1.3.10-x86_64-1_slack13.0.txz Slackware 13.1 packages: e5c6d66da7601be1bf7d8e7a4c04c3a9 apr-1.3.12-i486-1_slack13.1.txz 4d4b9246fbd3e089719dfa34059574b9 apr-util-1.3.10-i486-1_slack13.1.txz Slackware x86_64 13.1 packages: 9a531f92ecf635efd2e0aa9ba32c36ed apr-1.3.12-x86_64-1_slack13.1.txz 22df8c98456bc1cff39f65325cbcc66a apr-util-1.3.10-x86_64-1_slack13.1.txz Slackware -current packages: 8e994add7faf2875006a775bedd06cd5 apr-1.4.2-i486-1.txz 1ea124d0f993696cda5d6599cfd221b8 apr-util-1.3.10-i486-1.txz Slackware x86_64 -current packages: 96db544cedf845df481d20283896cd05 apr-1.4.2-x86_64-1.txz bb250c4e61490dac9b30f02588d0c2a7 apr-util-1.3.10-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg apr-1.3.12-i486-1_slack13.1.txz apr-util-1.3.10-i486-1_slack13.1.txz +-----+ . To tackle memory leaks and DoS vulnerabilities in apr-util on Slackware, follow these upgrade steps to keep your system secure and efficient. apr-util security, slackware update, memory leak fix, dos security patch. . Severity: Important. LinuxSecurity.com Team

Feb 11, 2011 •Important Slackware