---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-308
2004-09-16
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : apr-util
Version     : 0.9.4
Release     : 14.2
Summary     : Apache Portable Runtime Utility library
Description :
The mission of the Apache Portable Runtime (APR) is to provide a
free library of C data structures and routines.  This library
contains additional utility interfaces for APR; including support
for XML, LDAP, database interfaces, URI parsing and more.

---------------------------------------------------------------------
Update Information:

Testing using the Codenomicon HTTP Test Tool performed by the Apache
Software Foundation security group and Red Hat uncovered an input
validation issue in the IPv6 URI parsing routines in the apr-util
library.  If a remote attacker sent a request including a carefully
crafted URI, an httpd child process could be made to crash.  The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0786 to this issue.

This update includes a backported fix for this issue.

---------------------------------------------------------------------
* Tue Sep 14 2004 Joe Orton <jorton@redhat.com> 0.9.4-14.2

- add security fix for CAN-2004-0786

---------------------------------------------------------------------
This update can be downloaded from:
    

707beabca3584d07dbcd3614b80093cb  SRPMS/apr-util-0.9.4-14.2.src.rpm
902896dacdd450d100949c5a5af98f93  x86_64/apr-util-0.9.4-14.2.x86_64.rpm
58781e97602be02bb0b37d7039aaed78  x86_64/apr-util-devel-0.9.4-14.2.x86_64.rpm
02ef6a9f2c5651c7db6cd33432b86058  x86_64/debug/apr-util-debuginfo-0.9.4-14.2.x86_64.rpm
70b1159aff827af2930b5488064c4a00  i386/apr-util-0.9.4-14.2.i386.rpm
f602170d5cf714238b2a91f4ce4ae052  i386/apr-util-devel-0.9.4-14.2.i386.rpm
d9b03f13abf22c32ac291da2ce2a5a10  i386/debug/apr-util-debuginfo-0.9.4-14.2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------


--
fedora-announce-list mailing list
fedora-announce-list@redhat.com 
fedora-announce-list Info Page

Fedora: Apache Portable Runtime Utility library Fedora Core 2 Update: apr-util-0.9.4-14.2

September 16, 2004
Testing using the Codenomicon HTTP Test Tool performed by the ApacheSoftware Foundation security group and Red Hat uncovered an inputvalidation issue in the IPv6 URI parsing routin...

Summary

The mission of the Apache Portable Runtime (APR) is to provide a

free library of C data structures and routines. This library

contains additional utility interfaces for APR; including support

for XML, LDAP, database interfaces, URI parsing and more.

Update Information:

Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child process could be made to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0786 to this issue.

This update includes a backported fix for this issue.

* Tue Sep 14 2004 Joe Orton <jorton@redhat.com> 0.9.4-14.2

- add security fix for CAN-2004-0786

This update can be downloaded from:


707beabca3584d07dbcd3614b80093cb SRPMS/apr-util-0.9.4-14.2.src.rpm 902896dacdd450d100949c5a5af98f93 x86_64/apr-util-0.9.4-14.2.x86_64.rpm 58781e97602be02bb0b37d7039aaed78 x86_64/apr-util-devel-0.9.4-14.2.x86_64.rpm 02ef6a9f2c5651c7db6cd33432b86058 x86_64/debug/apr-util-debuginfo-0.9.4-14.2.x86_64.rpm 70b1159aff827af2930b5488064c4a00 i386/apr-util-0.9.4...

Read the Full Advisory

Change Log

References

Fedora Update Notification FEDORA-2004-308 2004-09-16 Product : Fedora Core 2 Name : apr-util Version : 0.9.4 Release : 14.2 Summary : Apache Portable Runtime Utility library Description : The mission of the Apache Portable Runtime (APR) is to provide a free library of C data structures and routines. This library contains additional utility interfaces for APR; including support for XML, LDAP, database interfaces, URI parsing and more.

Update Instructions

Severity
Product : Fedora Core 2
Name : apr-util
Version : 0.9.4
Release : 14.2
Summary : Apache Portable Runtime Utility library

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved