Jump to:

CVE-2017-12618

Jump to:

CVE-2017-12618

Package aprutil1 updated to version 1.6.1-alt1 for branch sisyphus in task 215011.

Published: 2017-10-24
Modified: 2024-11-21

CVE-2017-12618

Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.

Severity: MEDIUM (4.7) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

[announce] 20171023 Apache Portable Runtime APR 1.6.3, APR-util 1.6.1 and APR-iconv 1.2.2 Released
[announce] 20171023 Apache Portable Runtime APR 1.6.3, APR-util 1.6.1 and APR-iconv 1.2.2 Released
101558
101558
1042004
1042004
[debian-lts-announce] 20171106 [SECURITY] [DLA 1163-1] apr-util security update
[debian-lts-announce] 20171106 [SECURITY] [DLA 1163-1] apr-util security update

Version: 2.1.0

Package aprutil1 update in sisyphus on 2024-04-04

ALT-PU-2018-3672-1

Closed vulnerabilities

CVE-2017-12618