Описание
Security update for apr-util
This update for apr-util fixes the following issues:
- CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding (bsc#1207866)
Список пакетов
SUSE Enterprise Storage 7
apr-util-devel-1.6.1-150200.12.3.1
libapr-util1-1.6.1-150200.12.3.1
libapr-util1-dbd-mysql-1.6.1-150200.12.3.1
libapr-util1-dbd-pgsql-1.6.1-150200.12.3.1
libapr-util1-dbd-sqlite3-1.6.1-150200.12.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
apr-util-devel-1.6.1-150200.12.3.1
libapr-util1-1.6.1-150200.12.3.1
libapr-util1-dbd-mysql-1.6.1-150200.12.3.1
libapr-util1-dbd-pgsql-1.6.1-150200.12.3.1
libapr-util1-dbd-sqlite3-1.6.1-150200.12.3.1
SUSE Linux Enterprise Server 15 SP2-LTSS
apr-util-devel-1.6.1-150200.12.3.1
libapr-util1-1.6.1-150200.12.3.1
libapr-util1-dbd-mysql-1.6.1-150200.12.3.1
libapr-util1-dbd-pgsql-1.6.1-150200.12.3.1
libapr-util1-dbd-sqlite3-1.6.1-150200.12.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
apr-util-devel-1.6.1-150200.12.3.1
libapr-util1-1.6.1-150200.12.3.1
libapr-util1-dbd-mysql-1.6.1-150200.12.3.1
libapr-util1-dbd-pgsql-1.6.1-150200.12.3.1
libapr-util1-dbd-sqlite3-1.6.1-150200.12.3.1
Ссылки
- Link for SUSE-SU-2023:0324-1
- E-Mail link for SUSE-SU-2023:0324-1
- SUSE Security Ratings
- SUSE Bug 1207866
- SUSE CVE CVE-2022-25147 page
Описание
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.
Затронутые продукты
SUSE Enterprise Storage 7:apr-util-devel-1.6.1-150200.12.3.1
SUSE Enterprise Storage 7:libapr-util1-1.6.1-150200.12.3.1
SUSE Enterprise Storage 7:libapr-util1-dbd-mysql-1.6.1-150200.12.3.1
SUSE Enterprise Storage 7:libapr-util1-dbd-pgsql-1.6.1-150200.12.3.1
Ссылки
- CVE-2022-25147
- SUSE Bug 1207866
- SUSE Bug 1209320