[arch-security] [ASA-201710-33] apr-util: denial of service
Arch Linux Security Advisory ASA-201710-33 ========================================== Severity: Low Date : 2017-10-27 CVE-ID : CVE-2017-12618 Package : apr-util Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-468 Summary ======= The package apr-util before version 1.6.1-1 is vulnerable to denial of service. Resolution ========== Upgrade to 1.6.1-1. # pacman -Syu "apr-util>=1.6.1-1" The problem has been fixed upstream in version 1.6.1. Workaround ========== None. Description =========== APR-util 1.6.0 and prior failed to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service. Impact ====== A local attacker with write access to the database can cause a denial of service. References ========== https://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs... https://security.archlinux.org/CVE-2017-12618
participants (1)
-
Remi Gacogne