
Apache Portable Runtime

[ GLSA 200909-03 ] Apache Portable Runtime, APR Utility Library: Execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Apache Portable Runtime, APR Utility Library: Execution of
            arbitrary code
      Date: September 09, 2009
      Bugs: #280514
        ID: 200909-03


[ GLSA 200907-03 ] APR Utility Library: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in the Apache Portable Runtime Utility Library
might enable remote attackers to cause a Denial of Service or disclose
sensitive information.

Background
==========

[ MDVSA-2012:019 ] apr

 Problem Description:

 A vulnerability has been found and corrected in ASF APR:
 
 tables/apr_hash.c in the Apache Portable Runtime (APR) library through
 1.4.5 computes hash values without restricting the ability to trigger
 hash collisions predictably, which allows context-dependent attackers
 to cause a denial of service (CPU consumption) via crafted input to
 an application that maintains a hash table (CVE-2012-0840).
 

[ MDVSA-2009:314 ] apr

 Problem Description:

 Multiple security vulnerabilities have been identified and fixed in
 apr and apr-util:
 
 Multiple integer overflows in the Apache Portable Runtime (APR)
 library and the Apache Portable Utility library (aka APR-util)
 0.9.x and 1.3.x allow remote attackers to cause a denial of service
 (application crash) or possibly execute arbitrary code via vectors that
 trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc
 function in memory/unix/apr_pools.c in APR; or crafted calls to

[ MDVSA-2009:195-1 ] apr

 Problem Description:

 A vulnerability has been identified and corrected in apr and apr-util:
 
 Multiple integer overflows in the Apache Portable Runtime (APR)
 library and the Apache Portable Utility library (aka APR-util)
 0.9.x and 1.3.x allow remote attackers to cause a denial of service
 (application crash) or possibly execute arbitrary code via vectors that
 trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc
 function in memory/unix/apr_pools.c in APR; or crafted calls to

[Announce] Apache HTTP Server 2.2.22 Released

   of the security vulnerabilities addressed in this and earlier releases
   is available:

     http://httpd.apache.org/security/vulnerabilities_22.html

   This release includes the Apache Portable Runtime (APR) version 1.4.5
   and APR Utility Library (APR-util) version 1.4.2, bundled with the tar
   and zip distributions.  The APR libraries libapr and libaprutil (and
   on Win32, libapriconv version 1.2.1) must all be updated to ensure
   binary compatibility and address many known security and platform bugs.
   APR-util version 1.4 represents a minor version upgrade from earlier

[SECURITY] [DSA 1812-1] New apr-util packages fix several vulnerabilities

Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2009-0023

Apr-util, the Apache Portable Runtime Utility library, is used by
Apache 2.x, Subversion, and other applications. Two denial of service
vulnerabilities have been found in apr-util:

"kcope" discovered a flaw in the handling of internal XML entities in
the apr_xml_* interface that can be exploited to use all available

rPSA-2009-0119-1 apr apr-util

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412

Description:
    Previous versions of the Apache Portable Runtime library (apr)
    and the Apache Portable Utility library (apr-util) allow remote
    attackers to cause a denial of service or possibly execute
    arbitrary code.

http://wiki.rpath.com/Advisories:rPSA-2009-0119

[SECURITY] [DSA 1854-1] New APR packages fix arbitrary code execution

Vulnerability  : heap buffer overflow
Debian-specific: no
CVE Id(s)      : CVE-2009-2412

Matt Lewis discovered that the memory management code in the Apache
Portable Runtime (APR) library does not guard against a wrap-around
during size computations.  This could cause the library to return a
memory area which is smaller than requested, resulting in a heap overflow
and possibly arbitrary code execution.

For the old stable distribution (etch), this problem has been fixed in

[SECURITY] [DSA-2117-1] New apr-util packages fix denial of service

Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2010-1623

APR-util is part of the Apache Portable Runtime library which is used
by projects such as Apache httpd and Subversion.

Jeff Trawick discovered a flaw in the apr_brigade_split_line() function
in apr-util. A remote attacker could send crafted http requests to
cause a greatly increased memory consumption in Apache httpd, resulting



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
