[SECURITY] [DLA 2897-1] apr security update

2022-01-2422:36:03

lists.debian.org

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

0.001 Low

EPSS

Percentile

26.1%

JSON

Debian LTS Advisory DLA-2897-1 [email protected]
https://www.debian.org/lts/security/ Thorsten Alteholz
January 24, 2022 https://wiki.debian.org/LTS

Package : apr
Version : 1.5.2-5+deb9u1
CVE ID : CVE-2017-12613

An issue has been found in apr, the Apache Portable Runtime Library.
The issue is related to out of bounds memory access due to invalid date
fields.

For Debian 9 stretch, this problem has been fixed in version
1.5.2-5+deb9u1.

We recommend that you upgrade your apr packages.

For the detailed security status of apr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/apr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9armhflibapr1-dbg< 1.5.2-5+deb9u1libapr1-dbg_1.5.2-5+deb9u1_armhf.deb
Debian7armellibapr1-dev< 1.4.6-3+deb7u2libapr1-dev_1.4.6-3+deb7u2_armel.deb
Debian7i386libapr1< 1.4.6-3+deb7u2libapr1_1.4.6-3+deb7u2_i386.deb
Debian9arm64libapr1-dbg< 1.5.2-5+deb9u1libapr1-dbg_1.5.2-5+deb9u1_arm64.deb
Debian9arm64libapr1< 1.5.2-5+deb9u1libapr1_1.5.2-5+deb9u1_arm64.deb
Debian9armhflibapr1-dev< 1.5.2-5+deb9u1libapr1-dev_1.5.2-5+deb9u1_armhf.deb
Debian7i386libapr1-dev< 1.4.6-3+deb7u2libapr1-dev_1.4.6-3+deb7u2_i386.deb
Debian7armhflibapr1< 1.4.6-3+deb7u2libapr1_1.4.6-3+deb7u2_armhf.deb
Debian7amd64libapr1-dbg< 1.4.6-3+deb7u2libapr1-dbg_1.4.6-3+deb7u2_amd64.deb
Debian7allapr< 1.4.6-3+deb7u2apr_1.4.6-3+deb7u2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	armhf	libapr1-dbg	< 1.5.2-5+deb9u1	libapr1-dbg_1.5.2-5+deb9u1_armhf.deb
Debian	7	armel	libapr1-dev	< 1.4.6-3+deb7u2	libapr1-dev_1.4.6-3+deb7u2_armel.deb
Debian	7	i386	libapr1	< 1.4.6-3+deb7u2	libapr1_1.4.6-3+deb7u2_i386.deb
Debian	9	arm64	libapr1-dbg	< 1.5.2-5+deb9u1	libapr1-dbg_1.5.2-5+deb9u1_arm64.deb
Debian	9	arm64	libapr1	< 1.5.2-5+deb9u1	libapr1_1.5.2-5+deb9u1_arm64.deb
Debian	9	armhf	libapr1-dev	< 1.5.2-5+deb9u1	libapr1-dev_1.5.2-5+deb9u1_armhf.deb
Debian	7	i386	libapr1-dev	< 1.4.6-3+deb7u2	libapr1-dev_1.4.6-3+deb7u2_i386.deb
Debian	7	armhf	libapr1	< 1.4.6-3+deb7u2	libapr1_1.4.6-3+deb7u2_armhf.deb
Debian	7	amd64	libapr1-dbg	< 1.4.6-3+deb7u2	libapr1-dbg_1.4.6-3+deb7u2_amd64.deb
Debian	7	all	apr	< 1.4.6-3+deb7u2	apr_1.4.6-3+deb7u2_all.deb