drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zahlenüberläufe in apr
Name: |
Zahlenüberläufe in apr |
|
ID: |
MDVSA-2009:195-1 |
|
Distribution: |
Mandriva |
|
Plattformen: |
Mandriva Enterprise Server 5.0 |
|
Datum: |
Do, 6. August 2009, 21:33 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412 |
|
Applikationen: |
Apache Portable Runtime |
|
Originalnachricht |
This is a multi-part message in MIME format...
------------=_1249587210-13155-713
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:195-1 http://www.mandriva.com/security/ _______________________________________________________________________
Package : apr Date : August 6, 2009 Affected: Enterprise Server 5.0 _______________________________________________________________________
Problem Description:
A vulnerability has been identified and corrected in apr and apr-util: Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information (CVE-2009-2412). This update provides fixes for these vulnerabilities.
Update:
apr-util packages were missing for Mandriva Enterprise Server 5 i586, this has been adressed with this update. _______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412 _______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5: 19ed152f311aaa740e498d204e611c87 mes5/i586/apr-util-dbd-freetds-1.3.4-2.3mdvmes5.i586.rpm 1da16e622bc2aa6fac28b0a9a7c36b39 mes5/i586/apr-util-dbd-ldap-1.3.4-2.3mdvmes5.i586.rpm e9e56ac0cbd4316b1687c3e5bf66d3d3 mes5/i586/apr-util-dbd-mysql-1.3.4-2.3mdvmes5.i586.rpm fbfaeb1772eb0b22de4b4562f5601c50 mes5/i586/apr-util-dbd-odbc-1.3.4-2.3mdvmes5.i586.rpm 6da57cdbe02238048ea6dc115a1ae744 mes5/i586/apr-util-dbd-pgsql-1.3.4-2.3mdvmes5.i586.rpm 34beee246bc1206229975aba75776aa2 mes5/i586/apr-util-dbd-sqlite3-1.3.4-2.3mdvmes5.i586.rpm 445b930503e3e8f15b220681e67c74b4 mes5/i586/libapr-util1-1.3.4-2.3mdvmes5.i586.rpm b53ec99a1242f3d0e31e4267090d4d69 mes5/i586/libapr-util-devel-1.3.4-2.3mdvmes5.i586.rpm ddd3ba83c0f4f0a73954d1ca8b6926c4 mes5/SRPMS/apr-util-1.3.4-2.3mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64: 02e1b437a1451b205d726a804ecba70a mes5/x86_64/apr-util-dbd-freetds-1.3.4-2.3mdvmes5.x86_64.rpm daa72432fd3545df890a2aa2ebeacc4e mes5/x86_64/apr-util-dbd-ldap-1.3.4-2.3mdvmes5.x86_64.rpm 5c6b4a74cf6df907a88d1474708ba96c mes5/x86_64/apr-util-dbd-mysql-1.3.4-2.3mdvmes5.x86_64.rpm 8cabe517448ab264870e9b786f58db88 mes5/x86_64/apr-util-dbd-odbc-1.3.4-2.3mdvmes5.x86_64.rpm 4f49787251d7fac85d39535c82389a6a mes5/x86_64/apr-util-dbd-pgsql-1.3.4-2.3mdvmes5.x86_64.rpm 43c974a3636fd725d100332fd0b4f204 mes5/x86_64/apr-util-dbd-sqlite3-1.3.4-2.3mdvmes5.x86_64.rpm 9f0a37e6b63384f216033c6f35975c09 mes5/x86_64/lib64apr-util1-1.3.4-2.3mdvmes5.x86_64.rpm 99d7a7418d4250764773f6cbcc0ebd6c mes5/x86_64/lib64apr-util-devel-1.3.4-2.3mdvmes5.x86_64.rpm ddd3ba83c0f4f0a73954d1ca8b6926c4 mes5/SRPMS/apr-util-1.3.4-2.3mdvmes5.src.rpm _______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com _______________________________________________________________________
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKewWNmqjQ0CJFipgRAl3dAKCBpW6Ccamts0gKMNkDopc+x+QCZACfZ+Ep WrkXUeLyvhHymK2bJ8xLrXU= =4/ly -----END PGP SIGNATURE-----
------------=_1249587210-13155-713 Content-Type: text/plain; name="message-footer.txt" Content-Disposition: inline; filename="message-footer.txt" Content-Transfer-Encoding: 8bit
To unsubscribe, send a email to sympa@mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://www.mandrivastore.com Join the Club : http://www.mandrivaclub.com _______________________________________________________
------------=_1249587210-13155-713--
|
|
|
|