Medium: apr-util

2017-12-06T21:33:00
ID ALAS-2017-929
Type amazon
Reporter Amazon
Modified 2017-12-06T21:33:00

Description

Issue Overview:

Apache Portable Runtime Utility (APR-util) fails to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.(CVE-2017-12618 __)

Affected Packages:

apr-util

Issue Correction:
Run yum update apr-util to update your system.

New Packages:

i686:  
    apr-util-openssl-1.5.4-6.18.amzn1.i686  
    apr-util-ldap-1.5.4-6.18.amzn1.i686  
    apr-util-sqlite-1.5.4-6.18.amzn1.i686  
    apr-util-pgsql-1.5.4-6.18.amzn1.i686  
    apr-util-odbc-1.5.4-6.18.amzn1.i686  
    apr-util-debuginfo-1.5.4-6.18.amzn1.i686  
    apr-util-devel-1.5.4-6.18.amzn1.i686  
    apr-util-freetds-1.5.4-6.18.amzn1.i686  
    apr-util-nss-1.5.4-6.18.amzn1.i686  
    apr-util-mysql-1.5.4-6.18.amzn1.i686  
    apr-util-1.5.4-6.18.amzn1.i686

src:  
    apr-util-1.5.4-6.18.amzn1.src

x86_64:  
    apr-util-sqlite-1.5.4-6.18.amzn1.x86_64  
    apr-util-mysql-1.5.4-6.18.amzn1.x86_64  
    apr-util-odbc-1.5.4-6.18.amzn1.x86_64  
    apr-util-openssl-1.5.4-6.18.amzn1.x86_64  
    apr-util-ldap-1.5.4-6.18.amzn1.x86_64  
    apr-util-1.5.4-6.18.amzn1.x86_64  
    apr-util-devel-1.5.4-6.18.amzn1.x86_64  
    apr-util-pgsql-1.5.4-6.18.amzn1.x86_64  
    apr-util-nss-1.5.4-6.18.amzn1.x86_64  
    apr-util-debuginfo-1.5.4-6.18.amzn1.x86_64  
    apr-util-freetds-1.5.4-6.18.amzn1.x86_64