Описание
Security update for libapr1
This update fixes the following issues:
- CVE-2017-12613: DoS or information disclosure in pr_exp_time*() or apr_os_exp_time*() functions (bsc#1064982).
Список пакетов
SUSE Linux Enterprise Server 12 SP3
libapr1-1.5.1-4.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libapr1-1.5.1-4.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libapr1-1.5.1-4.3.1
libapr1-devel-1.5.1-4.3.1
Ссылки
- Link for SUSE-SU-2018:1196-1
- E-Mail link for SUSE-SU-2018:1196-1
- SUSE Security Ratings
- SUSE Bug 1064982
- SUSE CVE CVE-2017-12613 page
Описание
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP3:libapr1-1.5.1-4.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3:libapr1-1.5.1-4.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libapr1-1.5.1-4.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libapr1-devel-1.5.1-4.3.1
Ссылки
- CVE-2017-12613
- SUSE Bug 1064982
- SUSE Bug 1190072