openSUSE-SU-2018:1214-1

Опубликовано: 10 мая 2018

Источник: suse-cvrf

Описание

Security update for libapr1

This update fixes the following issues:

CVE-2017-12613: DoS or information disclosure in pr_exp_time*() or apr_os_exp_time*() functions (bsc#1064982).

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.3

libapr1-1.5.1-9.3.1

libapr1-devel-1.5.1-9.3.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2018-05/msg00035.html
E-Mail link for openSUSE-SU-2018:1214-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.

Затронутые продукты

openSUSE Leap 42.3:libapr1-1.5.1-9.3.1

openSUSE Leap 42.3:libapr1-devel-1.5.1-9.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-12613.html
CVE-2017-12613
https://bugzilla.suse.com/1064982
SUSE Bug 1064982

openSUSE-SU-2018:1214-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2017-12613

Описание

Затронутые продукты

Ссылки