USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr-util.
Original advisory details:
Matt Lewis discovered that apr did not properly sanitize its input when
allocating memory. If an application using apr processed crafted input, a
remote attacker could cause a denial of service or potentially execute
arbitrary code as the user invoking the application.
-------------------------------------------------------------------
Description
===========
Matt Lewis reported multiple integer overflows in the apr_rmm_malloc(),
apr_rmm_calloc(), and apr_rmm_realloc() functions in misc/apr_rmm.c of
APR-Util and in memory/unix/apr_pools.c of APR, both occurring when
aligning memory blocks.
Impact
USN-813-1 fixed vulnerabilities in apr. This update provides the
corresponding updates for apr as provided by Apache on Ubuntu 6.06 LTS.
After a standard system upgrade you need to restart any applications using
apr, such as Subversion and Apache, to effect the necessary changes.
CVE-2009-2412 (APR)
Reported by:
============
Matt Lewis, Google.
Patches:
========
This patch applies to Subversion 1.6.x (apply with patch -p0 < patchfile):
Package : apr, apr-util
Vulnerability : heap buffer overflow
Debian-specific: no
CVE Id(s) : CVE-2009-2412
Matt Lewis discovered that the memory management code in the Apache
Portable Runtime (APR) library does not guard against a wrap-around
during size computations. This could cause the library to return a
memory area which is smaller than requested, resulting in a heap overflow
and possibly arbitrary code execution.
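The wrap-around described above, as an added example that is not APR's own code: an unchecked round-up to an alignment boundary next to a checked one. The function names and the 8-byte boundary are assumptions made for illustration, and the calloc-style multiplication check goes one step beyond the alignment case the advisories describe.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed 8-byte alignment boundary; all names here are hypothetical. */
#define BOUNDARY ((size_t)8)

/* Unchecked round-up: the addition wraps when size is near SIZE_MAX,
 * so the "aligned" size comes out smaller than the request. */
static size_t align_unchecked(size_t size)
{
    return (size + (BOUNDARY - 1)) & ~(BOUNDARY - 1);
}

/* Checked round-up: rejects sizes whose padding would wrap.
 * Returns 0 and stores the aligned size, or -1 on overflow. */
static int align_checked(size_t size, size_t *out)
{
    if (size > SIZE_MAX - (BOUNDARY - 1))
        return -1;
    *out = (size + (BOUNDARY - 1)) & ~(BOUNDARY - 1);
    return 0;
}

/* calloc-style sizing: the count * elem product can wrap before the
 * alignment step, so it is checked first. */
static int calloc_size_checked(size_t count, size_t elem, size_t *out)
{
    if (elem != 0 && count > SIZE_MAX / elem)
        return -1;
    return align_checked(count * elem, out);
}

int main(void)
{
    size_t req = SIZE_MAX - 3;   /* constructed oversized request */
    size_t out = 0;

    printf("unchecked: request %zu -> aligned %zu\n", req, align_unchecked(req));
    printf("checked:   request %zu -> %s\n", req,
           align_checked(req, &out) == 0 ? "accepted" : "rejected");
    printf("calloc(%zu, 2) -> %s\n", SIZE_MAX / 2 + 1,
           calloc_size_checked(SIZE_MAX / 2 + 1, 2, &out) == 0 ? "accepted" : "rejected");
    return 0;
}
```

An allocator built on the unchecked form would reserve the wrapped size while the caller still believes it holds the full request, which is the condition the advisories describe.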
     Package              /  Vulnerable  /  Unaffected
  1  dev-util/subversion     < 1.6.4        >= 1.6.4
Description
===========
Matt Lewis of Google reported multiple integer overflows in the
libsvn_delta library, possibly leading to heap-based buffer overflows.
Impact
======
use Subversion, such as Apache when using mod_dav_svn, to effect the
necessary changes.
Details follow:
Matt Lewis discovered that Subversion did not properly sanitize its input
when processing svndiff streams, leading to various integer and heap
overflows. If a user or automated system processed crafted input, a remote
attacker could cause a denial of service or potentially execute arbitrary
code as the user processing the input.
Vulnerability : heap overflow
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-2411
Matt Lewis discovered that Subversion performs insufficient input
validation of svndiff streams. Malicious servers could cause heap
overflows in clients, and malicious clients with commit access could
cause heap overflows in servers, possibly leading to arbitrary code
execution in both cases.