Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2009:1107
The remote host is missing updates announced in
advisory RHSA-2009:1107.

apr-util is a utility library used with the Apache Portable Runtime (APR).
It aims to provide a free library of C data structures and routines. This
library contains additional utility interfaces for APR
including support
for XML, LDAP, database interfaces, URI parsing, and more.

An off-by-one overflow flaw was found in the way apr-util processed a
variable list of arguments. An attacker could provide a specially-crafted
string as input for the formatted output conversion routine, which could,
on big-endian platforms, potentially lead to the disclosure of sensitive
information or a denial of service (application crash). (CVE-2009-1956)

Note: The CVE-2009-1956 flaw only affects big-endian platforms, such as the
IBM S/390 and PowerPC. It does not affect users using the apr-util package
on little-endian platforms, due to their different organization of byte
ordering used to represent particular data.

A denial of service flaw was found in the apr-util Extensible Markup
Language (XML) parser. A remote attacker could create a specially-crafted
XML document that would cause excessive memory consumption when processed
by the XML decoding engine. (CVE-2009-1955)

A heap-based underwrite flaw was found in the way apr-util created compiled
forms of particular search patterns. An attacker could formulate a
specially-crafted search keyword, that would overwrite arbitrary heap
memory locations when processed by the pattern preparation engine.

All apr-util users should upgrade to these updated packages, which contain
backported patches to correct these issues. Applications using the Apache
Portable Runtime library, such as httpd, must be restarted for this update
to take effect.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0023
BugTraq ID: 35221
Bugtraq: 20091112 rPSA-2009-0144-1 apr-util (Google Search)
Debian Security Information: DSA-1812 (Google Search)
HPdes Security Advisory: HPSBUX02612
HPdes Security Advisory: SSRT100345
XForce ISS Database: apache-aprstrmatchprecompile-dos(50964)
Common Vulnerability Exposure (CVE) ID: CVE-2009-1955
BugTraq ID: 35253
Bugtraq: 20090824 rPSA-2009-0123-1 apr-util (Google Search)
SuSE Security Announcement: SUSE-SR:2010:011 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2009-1956
BugTraq ID: 35251
CopyrightCopyright (c) 2009 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.