Oval Definition:oval:org.mitre.oval:def:12456
Revision Date:2014-07-21Version:19
Title:DSA-2117-1 apr-util -- denial of service
Description:APR-util is part of the Apache Portable Runtime library which is used by projects such as Apache httpd and Subversion. Jeff Trawick discovered a flaw in the apr_brigade_split_line function in apr-util. A remote attacker could send crafted http requests to cause a greatly increased memory consumption in Apache httpd, resulting in a denial of service. This upgrade fixes this issue. After the upgrade, any running apache2 server processes need to be restarted. For the stable distribution, this problem has been fixed in version 1.2.12+dfsg-8+lenny5. For the testing distribution and the unstable distribution, this problem has been fixed in version 1.3.9+dfsg-4. We recommend that you upgrade your apr-util packages.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2010-1623
DSA-2117-1
Platform(s):Debian GNU/Linux 5.0
Product(s):apr-util
Definition Synopsis
  • Debian GNU/Linux 5.0 is installed
  • AND Supported architectures section
  • Installed architecture is s390
  • OR Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is arm
  • OR Installed architecture is i386
  • OR Installed architecture is armel
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is powerpc
  • OR Installed architecture is mipsel
  • OR Installed architecture is hppa
  • AND Packages section
  • libaprutil1-dbg DPKG is earlier than 1.2.12+dfsg-8+lenny5
  • OR libaprutil1 DPKG is earlier than 1.2.12+dfsg-8+lenny5
  • OR libaprutil1-dev DPKG is earlier than 1.2.12+dfsg-8+lenny5
    • BACK