apr security update

CentOS Project, CESA-2010:0950
2011-01-27 08:46:39
lists.centos.org

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.425 Medium
Percentile: 97.3%

CentOS Errata and Security Advisory CESA-2010:0950

The Apache Portable Runtime (APR) is a portability library used by the
Apache HTTP Server and other projects. apr-util is a library that provides
additional utility interfaces for APR, including support for XML parsing,
LDAP, database interfaces, URI parsing, and more.

It was found that certain input could cause the apr-util library to
allocate more memory than intended in the apr_brigade_split_line()
function. An attacker able to provide input in small chunks to an
application using the apr-util library (such as httpd) could possibly use
this flaw to trigger high memory consumption. (CVE-2010-1623)

All apr-util users should upgrade to these updated packages, which contain
a backported patch to correct this issue. Applications using the apr-util
library, such as httpd, must be restarted for this update to take effect.
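
One way to confirm the restart requirement above has been met, as an added example that is not part of the CentOS advisory: the functions below read /proc/<pid>/maps and report processes that still map a replaced copy of the apr-util shared object. The function names, the sample lines and the assumed file name libaprutil-1.so.0 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that were not
# restarted after the apr-util update. When a package update replaces a
# shared library on disk, running processes keep the old copy mapped and
# the kernel tags that mapping "(deleted)" in /proc/<pid>/maps.

# Constructed sample maps lines; the library file name is an assumption.
SAMPLE_STALE='2b5f1c000000-2b5f1c01d000 r-xp 00000000 fd:00 131342 /usr/lib64/libaprutil-1.so.0 (deleted)
2b5f1c21d000-2b5f1c21f000 rw-p 0001d000 fd:00 131342 /usr/lib64/libaprutil-1.so.0 (deleted)'
SAMPLE_FRESH='2b5f1c000000-2b5f1c01d000 r-xp 00000000 fd:00 131399 /usr/lib64/libaprutil-1.so.0
2b5f1d000000-2b5f1d001000 rw-s 00000000 fd:00 140001 /tmp/scratch.bin (deleted)'

# stale_aprutil: read maps-format text on stdin, print each distinct stale
# libaprutil path once, and return 0 only if at least one was found.
stale_aprutil() {
    awk '
        # maps columns: address perms offset dev inode pathname [(deleted)]
        $6 ~ /\/libaprutil-[0-9]+\.so/ && $NF == "(deleted)" {
            if (!seen[$6]++) print $6
            found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# scan_procs: walk a proc root (default /proc) and print "pid path" for
# every process still mapping the old library. Reading the maps of other
# users' processes requires root; unreadable entries are skipped.
scan_procs() {
    root=${1:-/proc}
    for d in "$root"/[0-9]*; do
        [ -r "$d/maps" ] || continue
        paths=$(stale_aprutil 2>/dev/null < "$d/maps") || continue
        printf '%s %s\n' "${d##*/}" "$paths"
    done
}

# Demo on the constructed sample: prints the stale library path.
printf '%s\n' "$SAMPLE_STALE" | stale_aprutil
```

Calling scan_procs with no argument as root after the update lists the PIDs that still need a restart; no output means no running process maps the old library.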

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2011-January/079387.html
https://lists.centos.org/pipermail/centos-announce/2011-January/079388.html

Affected packages:
apr-util
apr-util-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2010:0950
