Описание
Security update for libapr1
This update fixes the following issues:
- CVE-2017-12613: DoS or information disclosure in pr_exp_time*() or apr_os_exp_time*() functions (bsc#1064982).
Список пакетов
SUSE Linux Enterprise Server 11 SP4
libapr1-1.3.3-11.18.19.13.2
libapr1-32bit-1.3.3-11.18.19.13.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libapr1-1.3.3-11.18.19.13.2
libapr1-32bit-1.3.3-11.18.19.13.2
SUSE Linux Enterprise Software Development Kit 11 SP4
libapr1-1.3.3-11.18.19.13.2
libapr1-devel-1.3.3-11.18.19.13.2
libapr1-devel-32bit-1.3.3-11.18.19.13.2
SUSE Studio Onsite 1.3
libapr1-devel-1.3.3-11.18.19.13.2
Ссылки
- Link for SUSE-SU-2018:1322-1
- E-Mail link for SUSE-SU-2018:1322-1
- SUSE Security Ratings
- SUSE Bug 1064982
- SUSE CVE CVE-2017-12613 page
Описание
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libapr1-1.3.3-11.18.19.13.2
SUSE Linux Enterprise Server 11 SP4:libapr1-32bit-1.3.3-11.18.19.13.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-1.3.3-11.18.19.13.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-32bit-1.3.3-11.18.19.13.2
Ссылки
- CVE-2017-12613
- SUSE Bug 1064982
- SUSE Bug 1190072