====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: apr and apr-util security update
Advisory ID:       RHSA-2009:1204-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2009:1204.html
Issue date:        2009-08-10
CVE Names:         CVE-2009-2412 
====================================================================
1. Summary:

Updated apr and apr-util packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The Apache Portable Runtime (APR) is a portability library used by the
Apache HTTP Server and other projects. It aims to provide a free library
of C data structures and routines. apr-util is a utility library used with
APR. This library provides additional utility interfaces for APR; including
support for XML parsing, LDAP, database interfaces, URI parsing, and more.

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the way the Apache Portable Runtime (APR) manages memory pool
and relocatable memory allocations. An attacker could use these flaws to
issue a specially-crafted request for memory allocation, which would lead
to a denial of service (application crash) or, potentially, execute
arbitrary code with the privileges of an application using the APR
libraries. (CVE-2009-2412)

All apr and apr-util users should upgrade to these updated packages, which
contain backported patches to correct these issues. Applications using the
APR libraries, such as httpd, must be restarted for this update to take
effect.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network.  Details on how to use
the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

515698 - CVE-2009-2412 apr, apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:

i386:
apr-0.9.4-24.9.el4_8.2.i386.rpm
apr-debuginfo-0.9.4-24.9.el4_8.2.i386.rpm
apr-devel-0.9.4-24.9.el4_8.2.i386.rpm
apr-util-0.9.4-22.el4_8.2.i386.rpm
apr-util-debuginfo-0.9.4-22.el4_8.2.i386.rpm
apr-util-devel-0.9.4-22.el4_8.2.i386.rpm

ia64:
apr-0.9.4-24.9.el4_8.2.i386.rpm
apr-0.9.4-24.9.el4_8.2.ia64.rpm
apr-debuginfo-0.9.4-24.9.el4_8.2.i386.rpm
apr-debuginfo-0.9.4-24.9.el4_8.2.ia64.rpm
apr-devel-0.9.4-24.9.el4_8.2.ia64.rpm
apr-util-0.9.4-22.el4_8.2.ia64.rpm
apr-util-debuginfo-0.9.4-22.el4_8.2.ia64.rpm
apr-util-devel-0.9.4-22.el4_8.2.ia64.rpm

ppc:
apr-0.9.4-24.9.el4_8.2.ppc.rpm
apr-0.9.4-24.9.el4_8.2.ppc64.rpm
apr-debuginfo-0.9.4-24.9.el4_8.2.ppc.rpm
apr-debuginfo-0.9.4-24.9.el4_8.2.ppc64.rpm
apr-devel-0.9.4-24.9.el4_8.2.ppc.rpm
apr-util-0.9.4-22.el4_8.2.ppc.rpm
apr-util-debuginfo-0.9.4-22.el4_8.2.ppc.rpm
apr-util-devel-0.9.4-22.el4_8.2.ppc.rpm

s390:
apr-0.9.4-24.9.el4_8.2.s390.rpm
apr-debuginfo-0.9.4-24.9.el4_8.2.s390.rpm
apr-devel-0.9.4-24.9.el4_8.2.s390.rpm
apr-util-0.9.4-22.el4_8.2.s390.rpm
apr-util-debuginfo-0.9.4-22.el4_8.2.s390.rpm
apr-util-devel-0.9.4-22.el4_8.2.s390.rpm

s390x:
apr-0.9.4-24.9.el4_8.2.s390.rpm
apr-0.9.4-24.9.el4_8.2.s390x.rpm
apr-debuginfo-0.9.4-24.9.el4_8.2.s390.rpm
apr-debuginfo-0.9.4-24.9.el4_8.2.s390x.rpm
apr-devel-0.9.4-24.9.el4_8.2.s390x.rpm
apr-util-0.9.4-22.el4_8.2.s390x.rpm
apr-util-debuginfo-0.9.4-22.el4_8.2.s390x.rpm
apr-util-devel-0.9.4-22.el4_8.2.s390x.rpm

x86_64:
apr-0.9.4-24.9.el4_8.2.i386.rpm
apr-0.9.4-24.9.el4_8.2.x86_64.rpm
apr-debuginfo-0.9.4-24.9.el4_8.2.i386.rpm
apr-debuginfo-0.9.4-24.9.el4_8.2.x86_64.rpm
apr-devel-0.9.4-24.9.el4_8.2.x86_64.rpm
apr-util-0.9.4-22.el4_8.2.x86_64.rpm
apr-util-debuginfo-0.9.4-22.el4_8.2.x86_64.rpm
apr-util-devel-0.9.4-22.el4_8.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:

i386:
apr-0.9.4-24.9.el4_8.2.i386.rpm
apr-debuginfo-0.9.4-24.9.el4_8.2.i386.rpm
apr-devel-0.9.4-24.9.el4_8.2.i386.rpm
apr-util-0.9.4-22.el4_8.2.i386.rpm
apr-util-debuginfo-0.9.4-22.el4_8.2.i386.rpm
apr-util-devel-0.9.4-22.el4_8.2.i386.rpm

x86_64:
apr-0.9.4-24.9.el4_8.2.i386.rpm
apr-0.9.4-24.9.el4_8.2.x86_64.rpm
apr-debuginfo-0.9.4-24.9.el4_8.2.i386.rpm
apr-debuginfo-0.9.4-24.9.el4_8.2.x86_64.rpm
apr-devel-0.9.4-24.9.el4_8.2.x86_64.rpm
apr-util-0.9.4-22.el4_8.2.x86_64.rpm
apr-util-debuginfo-0.9.4-22.el4_8.2.x86_64.rpm
apr-util-devel-0.9.4-22.el4_8.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:

i386:
apr-0.9.4-24.9.el4_8.2.i386.rpm
apr-debuginfo-0.9.4-24.9.el4_8.2.i386.rpm
apr-devel-0.9.4-24.9.el4_8.2.i386.rpm
apr-util-0.9.4-22.el4_8.2.i386.rpm
apr-util-debuginfo-0.9.4-22.el4_8.2.i386.rpm
apr-util-devel-0.9.4-22.el4_8.2.i386.rpm

ia64:
apr-0.9.4-24.9.el4_8.2.i386.rpm
apr-0.9.4-24.9.el4_8.2.ia64.rpm
apr-debuginfo-0.9.4-24.9.el4_8.2.i386.rpm
apr-debuginfo-0.9.4-24.9.el4_8.2.ia64.rpm
apr-devel-0.9.4-24.9.el4_8.2.ia64.rpm
apr-util-0.9.4-22.el4_8.2.ia64.rpm
apr-util-debuginfo-0.9.4-22.el4_8.2.ia64.rpm
apr-util-devel-0.9.4-22.el4_8.2.ia64.rpm

x86_64:
apr-0.9.4-24.9.el4_8.2.i386.rpm
apr-0.9.4-24.9.el4_8.2.x86_64.rpm
apr-debuginfo-0.9.4-24.9.el4_8.2.i386.rpm
apr-debuginfo-0.9.4-24.9.el4_8.2.x86_64.rpm
apr-devel-0.9.4-24.9.el4_8.2.x86_64.rpm
apr-util-0.9.4-22.el4_8.2.x86_64.rpm
apr-util-debuginfo-0.9.4-22.el4_8.2.x86_64.rpm
apr-util-devel-0.9.4-22.el4_8.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:

i386:
apr-0.9.4-24.9.el4_8.2.i386.rpm
apr-debuginfo-0.9.4-24.9.el4_8.2.i386.rpm
apr-devel-0.9.4-24.9.el4_8.2.i386.rpm
apr-util-0.9.4-22.el4_8.2.i386.rpm
apr-util-debuginfo-0.9.4-22.el4_8.2.i386.rpm
apr-util-devel-0.9.4-22.el4_8.2.i386.rpm

ia64:
apr-0.9.4-24.9.el4_8.2.i386.rpm
apr-0.9.4-24.9.el4_8.2.ia64.rpm
apr-debuginfo-0.9.4-24.9.el4_8.2.i386.rpm
apr-debuginfo-0.9.4-24.9.el4_8.2.ia64.rpm
apr-devel-0.9.4-24.9.el4_8.2.ia64.rpm
apr-util-0.9.4-22.el4_8.2.ia64.rpm
apr-util-debuginfo-0.9.4-22.el4_8.2.ia64.rpm
apr-util-devel-0.9.4-22.el4_8.2.ia64.rpm

x86_64:
apr-0.9.4-24.9.el4_8.2.i386.rpm
apr-0.9.4-24.9.el4_8.2.x86_64.rpm
apr-debuginfo-0.9.4-24.9.el4_8.2.i386.rpm
apr-debuginfo-0.9.4-24.9.el4_8.2.x86_64.rpm
apr-devel-0.9.4-24.9.el4_8.2.x86_64.rpm
apr-util-0.9.4-22.el4_8.2.x86_64.rpm
apr-util-debuginfo-0.9.4-22.el4_8.2.x86_64.rpm
apr-util-devel-0.9.4-22.el4_8.2.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
apr-1.2.7-11.el5_3.1.i386.rpm
apr-debuginfo-1.2.7-11.el5_3.1.i386.rpm
apr-docs-1.2.7-11.el5_3.1.i386.rpm
apr-util-1.2.7-7.el5_3.2.i386.rpm
apr-util-debuginfo-1.2.7-7.el5_3.2.i386.rpm
apr-util-docs-1.2.7-7.el5_3.2.i386.rpm

x86_64:
apr-1.2.7-11.el5_3.1.i386.rpm
apr-1.2.7-11.el5_3.1.x86_64.rpm
apr-debuginfo-1.2.7-11.el5_3.1.i386.rpm
apr-debuginfo-1.2.7-11.el5_3.1.x86_64.rpm
apr-docs-1.2.7-11.el5_3.1.x86_64.rpm
apr-util-1.2.7-7.el5_3.2.i386.rpm
apr-util-1.2.7-7.el5_3.2.x86_64.rpm
apr-util-debuginfo-1.2.7-7.el5_3.2.i386.rpm
apr-util-debuginfo-1.2.7-7.el5_3.2.x86_64.rpm
apr-util-docs-1.2.7-7.el5_3.2.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:

i386:
apr-debuginfo-1.2.7-11.el5_3.1.i386.rpm
apr-devel-1.2.7-11.el5_3.1.i386.rpm
apr-util-debuginfo-1.2.7-7.el5_3.2.i386.rpm
apr-util-devel-1.2.7-7.el5_3.2.i386.rpm

x86_64:
apr-debuginfo-1.2.7-11.el5_3.1.i386.rpm
apr-debuginfo-1.2.7-11.el5_3.1.x86_64.rpm
apr-devel-1.2.7-11.el5_3.1.i386.rpm
apr-devel-1.2.7-11.el5_3.1.x86_64.rpm
apr-util-debuginfo-1.2.7-7.el5_3.2.i386.rpm
apr-util-debuginfo-1.2.7-7.el5_3.2.x86_64.rpm
apr-util-devel-1.2.7-7.el5_3.2.i386.rpm
apr-util-devel-1.2.7-7.el5_3.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
apr-1.2.7-11.el5_3.1.i386.rpm
apr-debuginfo-1.2.7-11.el5_3.1.i386.rpm
apr-devel-1.2.7-11.el5_3.1.i386.rpm
apr-docs-1.2.7-11.el5_3.1.i386.rpm
apr-util-1.2.7-7.el5_3.2.i386.rpm
apr-util-debuginfo-1.2.7-7.el5_3.2.i386.rpm
apr-util-devel-1.2.7-7.el5_3.2.i386.rpm
apr-util-docs-1.2.7-7.el5_3.2.i386.rpm

ia64:
apr-1.2.7-11.el5_3.1.ia64.rpm
apr-debuginfo-1.2.7-11.el5_3.1.ia64.rpm
apr-devel-1.2.7-11.el5_3.1.ia64.rpm
apr-docs-1.2.7-11.el5_3.1.ia64.rpm
apr-util-1.2.7-7.el5_3.2.ia64.rpm
apr-util-debuginfo-1.2.7-7.el5_3.2.ia64.rpm
apr-util-devel-1.2.7-7.el5_3.2.ia64.rpm
apr-util-docs-1.2.7-7.el5_3.2.ia64.rpm

ppc:
apr-1.2.7-11.el5_3.1.ppc.rpm
apr-1.2.7-11.el5_3.1.ppc64.rpm
apr-debuginfo-1.2.7-11.el5_3.1.ppc.rpm
apr-debuginfo-1.2.7-11.el5_3.1.ppc64.rpm
apr-devel-1.2.7-11.el5_3.1.ppc.rpm
apr-devel-1.2.7-11.el5_3.1.ppc64.rpm
apr-docs-1.2.7-11.el5_3.1.ppc.rpm
apr-util-1.2.7-7.el5_3.2.ppc.rpm
apr-util-1.2.7-7.el5_3.2.ppc64.rpm
apr-util-debuginfo-1.2.7-7.el5_3.2.ppc.rpm
apr-util-debuginfo-1.2.7-7.el5_3.2.ppc64.rpm
apr-util-devel-1.2.7-7.el5_3.2.ppc.rpm
apr-util-devel-1.2.7-7.el5_3.2.ppc64.rpm
apr-util-docs-1.2.7-7.el5_3.2.ppc.rpm

s390x:
apr-1.2.7-11.el5_3.1.s390.rpm
apr-1.2.7-11.el5_3.1.s390x.rpm
apr-debuginfo-1.2.7-11.el5_3.1.s390.rpm
apr-debuginfo-1.2.7-11.el5_3.1.s390x.rpm
apr-devel-1.2.7-11.el5_3.1.s390.rpm
apr-devel-1.2.7-11.el5_3.1.s390x.rpm
apr-docs-1.2.7-11.el5_3.1.s390x.rpm
apr-util-1.2.7-7.el5_3.2.s390.rpm
apr-util-1.2.7-7.el5_3.2.s390x.rpm
apr-util-debuginfo-1.2.7-7.el5_3.2.s390.rpm
apr-util-debuginfo-1.2.7-7.el5_3.2.s390x.rpm
apr-util-devel-1.2.7-7.el5_3.2.s390.rpm
apr-util-devel-1.2.7-7.el5_3.2.s390x.rpm
apr-util-docs-1.2.7-7.el5_3.2.s390x.rpm

x86_64:
apr-1.2.7-11.el5_3.1.i386.rpm
apr-1.2.7-11.el5_3.1.x86_64.rpm
apr-debuginfo-1.2.7-11.el5_3.1.i386.rpm
apr-debuginfo-1.2.7-11.el5_3.1.x86_64.rpm
apr-devel-1.2.7-11.el5_3.1.i386.rpm
apr-devel-1.2.7-11.el5_3.1.x86_64.rpm
apr-docs-1.2.7-11.el5_3.1.x86_64.rpm
apr-util-1.2.7-7.el5_3.2.i386.rpm
apr-util-1.2.7-7.el5_3.2.x86_64.rpm
apr-util-debuginfo-1.2.7-7.el5_3.2.i386.rpm
apr-util-debuginfo-1.2.7-7.el5_3.2.x86_64.rpm
apr-util-devel-1.2.7-7.el5_3.2.i386.rpm
apr-util-devel-1.2.7-7.el5_3.2.x86_64.rpm
apr-util-docs-1.2.7-7.el5_3.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.

RedHat: Moderate: apr and apr-util security update

Updated apr and apr-util packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security ...

Summary

The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It aims to provide a free library of C data structures and routines. apr-util is a utility library used with APR. This library provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more.
Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the Apache Portable Runtime (APR) manages memory pool and relocatable memory allocations. An attacker could use these flaws to issue a specially-crafted request for memory allocation, which would lead to a denial of service (application crash) or, potentially, execute arbitrary code with the privileges of an application using the APR libraries. (CVE-2009-2412)
All apr and apr-util users should upgrade to these updated packages, which contain backported patches to correct these issues. Applications using the APR libraries, such as httpd, must be restarted for this update to take effect.



Summary


Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412 http://www.redhat.com/security/updates/classification/#moderate

Package List

Red Hat Enterprise Linux AS version 4:
Source:
i386: apr-0.9.4-24.9.el4_8.2.i386.rpm apr-debuginfo-0.9.4-24.9.el4_8.2.i386.rpm apr-devel-0.9.4-24.9.el4_8.2.i386.rpm apr-util-0.9.4-22.el4_8.2.i386.rpm apr-util-debuginfo-0.9.4-22.el4_8.2.i386.rpm apr-util-devel-0.9.4-22.el4_8.2.i386.rpm
ia64: apr-0.9.4-24.9.el4_8.2.i386.rpm apr-0.9.4-24.9.el4_8.2.ia64.rpm apr-debuginfo-0.9.4-24.9.el4_8.2.i386.rpm apr-debuginfo-0.9.4-24.9.el4_8.2.ia64.rpm apr-devel-0.9.4-24.9.el4_8.2.ia64.rpm apr-util-0.9.4-22.el4_8.2.ia64.rpm apr-util-debuginfo-0.9.4-22.el4_8.2.ia64.rpm apr-util-devel-0.9.4-22.el4_8.2.ia64.rpm
ppc: apr-0.9.4-24.9.el4_8.2.ppc.rpm apr-0.9.4-24.9.el4_8.2.ppc64.rpm apr-debuginfo-0.9.4-24.9.el4_8.2.ppc.rpm apr-debuginfo-0.9.4-24.9.el4_8.2.ppc64.rpm apr-devel-0.9.4-24.9.el4_8.2.ppc.rpm apr-util-0.9.4-22.el4_8.2.ppc.rpm apr-util-debuginfo-0.9.4-22.el4_8.2.ppc.rpm apr-util-devel-0.9.4-22.el4_8.2.ppc.rpm
s390: apr-0.9.4-24.9.el4_8.2.s390.rpm apr-debuginfo-0.9.4-24.9.el4_8.2.s390.rpm apr-devel-0.9.4-24.9.el4_8.2.s390.rpm apr-util-0.9.4-22.el4_8.2.s390.rpm apr-util-debuginfo-0.9.4-22.el4_8.2.s390.rpm apr-util-devel-0.9.4-22.el4_8.2.s390.rpm
s390x: apr-0.9.4-24.9.el4_8.2.s390.rpm apr-0.9.4-24.9.el4_8.2.s390x.rpm apr-debuginfo-0.9.4-24.9.el4_8.2.s390.rpm apr-debuginfo-0.9.4-24.9.el4_8.2.s390x.rpm apr-devel-0.9.4-24.9.el4_8.2.s390x.rpm apr-util-0.9.4-22.el4_8.2.s390x.rpm apr-util-debuginfo-0.9.4-22.el4_8.2.s390x.rpm apr-util-devel-0.9.4-22.el4_8.2.s390x.rpm
x86_64: apr-0.9.4-24.9.el4_8.2.i386.rpm apr-0.9.4-24.9.el4_8.2.x86_64.rpm apr-debuginfo-0.9.4-24.9.el4_8.2.i386.rpm apr-debuginfo-0.9.4-24.9.el4_8.2.x86_64.rpm apr-devel-0.9.4-24.9.el4_8.2.x86_64.rpm apr-util-0.9.4-22.el4_8.2.x86_64.rpm apr-util-debuginfo-0.9.4-22.el4_8.2.x86_64.rpm apr-util-devel-0.9.4-22.el4_8.2.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
Source:
i386: apr-0.9.4-24.9.el4_8.2.i386.rpm apr-debuginfo-0.9.4-24.9.el4_8.2.i386.rpm apr-devel-0.9.4-24.9.el4_8.2.i386.rpm apr-util-0.9.4-22.el4_8.2.i386.rpm apr-util-debuginfo-0.9.4-22.el4_8.2.i386.rpm apr-util-devel-0.9.4-22.el4_8.2.i386.rpm
x86_64: apr-0.9.4-24.9.el4_8.2.i386.rpm apr-0.9.4-24.9.el4_8.2.x86_64.rpm apr-debuginfo-0.9.4-24.9.el4_8.2.i386.rpm apr-debuginfo-0.9.4-24.9.el4_8.2.x86_64.rpm apr-devel-0.9.4-24.9.el4_8.2.x86_64.rpm apr-util-0.9.4-22.el4_8.2.x86_64.rpm apr-util-debuginfo-0.9.4-22.el4_8.2.x86_64.rpm apr-util-devel-0.9.4-22.el4_8.2.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
Source:
i386: apr-0.9.4-24.9.el4_8.2.i386.rpm apr-debuginfo-0.9.4-24.9.el4_8.2.i386.rpm apr-devel-0.9.4-24.9.el4_8.2.i386.rpm apr-util-0.9.4-22.el4_8.2.i386.rpm apr-util-debuginfo-0.9.4-22.el4_8.2.i386.rpm apr-util-devel-0.9.4-22.el4_8.2.i386.rpm
ia64: apr-0.9.4-24.9.el4_8.2.i386.rpm apr-0.9.4-24.9.el4_8.2.ia64.rpm apr-debuginfo-0.9.4-24.9.el4_8.2.i386.rpm apr-debuginfo-0.9.4-24.9.el4_8.2.ia64.rpm apr-devel-0.9.4-24.9.el4_8.2.ia64.rpm apr-util-0.9.4-22.el4_8.2.ia64.rpm apr-util-debuginfo-0.9.4-22.el4_8.2.ia64.rpm apr-util-devel-0.9.4-22.el4_8.2.ia64.rpm
x86_64: apr-0.9.4-24.9.el4_8.2.i386.rpm apr-0.9.4-24.9.el4_8.2.x86_64.rpm apr-debuginfo-0.9.4-24.9.el4_8.2.i386.rpm apr-debuginfo-0.9.4-24.9.el4_8.2.x86_64.rpm apr-devel-0.9.4-24.9.el4_8.2.x86_64.rpm apr-util-0.9.4-22.el4_8.2.x86_64.rpm apr-util-debuginfo-0.9.4-22.el4_8.2.x86_64.rpm apr-util-devel-0.9.4-22.el4_8.2.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
Source:
i386: apr-0.9.4-24.9.el4_8.2.i386.rpm apr-debuginfo-0.9.4-24.9.el4_8.2.i386.rpm apr-devel-0.9.4-24.9.el4_8.2.i386.rpm apr-util-0.9.4-22.el4_8.2.i386.rpm apr-util-debuginfo-0.9.4-22.el4_8.2.i386.rpm apr-util-devel-0.9.4-22.el4_8.2.i386.rpm
ia64: apr-0.9.4-24.9.el4_8.2.i386.rpm apr-0.9.4-24.9.el4_8.2.ia64.rpm apr-debuginfo-0.9.4-24.9.el4_8.2.i386.rpm apr-debuginfo-0.9.4-24.9.el4_8.2.ia64.rpm apr-devel-0.9.4-24.9.el4_8.2.ia64.rpm apr-util-0.9.4-22.el4_8.2.ia64.rpm apr-util-debuginfo-0.9.4-22.el4_8.2.ia64.rpm apr-util-devel-0.9.4-22.el4_8.2.ia64.rpm
x86_64: apr-0.9.4-24.9.el4_8.2.i386.rpm apr-0.9.4-24.9.el4_8.2.x86_64.rpm apr-debuginfo-0.9.4-24.9.el4_8.2.i386.rpm apr-debuginfo-0.9.4-24.9.el4_8.2.x86_64.rpm apr-devel-0.9.4-24.9.el4_8.2.x86_64.rpm apr-util-0.9.4-22.el4_8.2.x86_64.rpm apr-util-debuginfo-0.9.4-22.el4_8.2.x86_64.rpm apr-util-devel-0.9.4-22.el4_8.2.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
i386: apr-1.2.7-11.el5_3.1.i386.rpm apr-debuginfo-1.2.7-11.el5_3.1.i386.rpm apr-docs-1.2.7-11.el5_3.1.i386.rpm apr-util-1.2.7-7.el5_3.2.i386.rpm apr-util-debuginfo-1.2.7-7.el5_3.2.i386.rpm apr-util-docs-1.2.7-7.el5_3.2.i386.rpm
x86_64: apr-1.2.7-11.el5_3.1.i386.rpm apr-1.2.7-11.el5_3.1.x86_64.rpm apr-debuginfo-1.2.7-11.el5_3.1.i386.rpm apr-debuginfo-1.2.7-11.el5_3.1.x86_64.rpm apr-docs-1.2.7-11.el5_3.1.x86_64.rpm apr-util-1.2.7-7.el5_3.2.i386.rpm apr-util-1.2.7-7.el5_3.2.x86_64.rpm apr-util-debuginfo-1.2.7-7.el5_3.2.i386.rpm apr-util-debuginfo-1.2.7-7.el5_3.2.x86_64.rpm apr-util-docs-1.2.7-7.el5_3.2.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source:
i386: apr-debuginfo-1.2.7-11.el5_3.1.i386.rpm apr-devel-1.2.7-11.el5_3.1.i386.rpm apr-util-debuginfo-1.2.7-7.el5_3.2.i386.rpm apr-util-devel-1.2.7-7.el5_3.2.i386.rpm
x86_64: apr-debuginfo-1.2.7-11.el5_3.1.i386.rpm apr-debuginfo-1.2.7-11.el5_3.1.x86_64.rpm apr-devel-1.2.7-11.el5_3.1.i386.rpm apr-devel-1.2.7-11.el5_3.1.x86_64.rpm apr-util-debuginfo-1.2.7-7.el5_3.2.i386.rpm apr-util-debuginfo-1.2.7-7.el5_3.2.x86_64.rpm apr-util-devel-1.2.7-7.el5_3.2.i386.rpm apr-util-devel-1.2.7-7.el5_3.2.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
i386: apr-1.2.7-11.el5_3.1.i386.rpm apr-debuginfo-1.2.7-11.el5_3.1.i386.rpm apr-devel-1.2.7-11.el5_3.1.i386.rpm apr-docs-1.2.7-11.el5_3.1.i386.rpm apr-util-1.2.7-7.el5_3.2.i386.rpm apr-util-debuginfo-1.2.7-7.el5_3.2.i386.rpm apr-util-devel-1.2.7-7.el5_3.2.i386.rpm apr-util-docs-1.2.7-7.el5_3.2.i386.rpm
ia64: apr-1.2.7-11.el5_3.1.ia64.rpm apr-debuginfo-1.2.7-11.el5_3.1.ia64.rpm apr-devel-1.2.7-11.el5_3.1.ia64.rpm apr-docs-1.2.7-11.el5_3.1.ia64.rpm apr-util-1.2.7-7.el5_3.2.ia64.rpm apr-util-debuginfo-1.2.7-7.el5_3.2.ia64.rpm apr-util-devel-1.2.7-7.el5_3.2.ia64.rpm apr-util-docs-1.2.7-7.el5_3.2.ia64.rpm
ppc: apr-1.2.7-11.el5_3.1.ppc.rpm apr-1.2.7-11.el5_3.1.ppc64.rpm apr-debuginfo-1.2.7-11.el5_3.1.ppc.rpm apr-debuginfo-1.2.7-11.el5_3.1.ppc64.rpm apr-devel-1.2.7-11.el5_3.1.ppc.rpm apr-devel-1.2.7-11.el5_3.1.ppc64.rpm apr-docs-1.2.7-11.el5_3.1.ppc.rpm apr-util-1.2.7-7.el5_3.2.ppc.rpm apr-util-1.2.7-7.el5_3.2.ppc64.rpm apr-util-debuginfo-1.2.7-7.el5_3.2.ppc.rpm apr-util-debuginfo-1.2.7-7.el5_3.2.ppc64.rpm apr-util-devel-1.2.7-7.el5_3.2.ppc.rpm apr-util-devel-1.2.7-7.el5_3.2.ppc64.rpm apr-util-docs-1.2.7-7.el5_3.2.ppc.rpm
s390x: apr-1.2.7-11.el5_3.1.s390.rpm apr-1.2.7-11.el5_3.1.s390x.rpm apr-debuginfo-1.2.7-11.el5_3.1.s390.rpm apr-debuginfo-1.2.7-11.el5_3.1.s390x.rpm apr-devel-1.2.7-11.el5_3.1.s390.rpm apr-devel-1.2.7-11.el5_3.1.s390x.rpm apr-docs-1.2.7-11.el5_3.1.s390x.rpm apr-util-1.2.7-7.el5_3.2.s390.rpm apr-util-1.2.7-7.el5_3.2.s390x.rpm apr-util-debuginfo-1.2.7-7.el5_3.2.s390.rpm apr-util-debuginfo-1.2.7-7.el5_3.2.s390x.rpm apr-util-devel-1.2.7-7.el5_3.2.s390.rpm apr-util-devel-1.2.7-7.el5_3.2.s390x.rpm apr-util-docs-1.2.7-7.el5_3.2.s390x.rpm
x86_64: apr-1.2.7-11.el5_3.1.i386.rpm apr-1.2.7-11.el5_3.1.x86_64.rpm apr-debuginfo-1.2.7-11.el5_3.1.i386.rpm apr-debuginfo-1.2.7-11.el5_3.1.x86_64.rpm apr-devel-1.2.7-11.el5_3.1.i386.rpm apr-devel-1.2.7-11.el5_3.1.x86_64.rpm apr-docs-1.2.7-11.el5_3.1.x86_64.rpm apr-util-1.2.7-7.el5_3.2.i386.rpm apr-util-1.2.7-7.el5_3.2.x86_64.rpm apr-util-debuginfo-1.2.7-7.el5_3.2.i386.rpm apr-util-debuginfo-1.2.7-7.el5_3.2.x86_64.rpm apr-util-devel-1.2.7-7.el5_3.2.i386.rpm apr-util-devel-1.2.7-7.el5_3.2.x86_64.rpm apr-util-docs-1.2.7-7.el5_3.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package


Severity
Advisory ID: RHSA-2009:1204-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2009:1204.html
Issued Date: : 2009-08-10
CVE Names: CVE-2009-2412

Topic

Updated apr and apr-util packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 4 and 5.This update has been rated as having moderate security impact by the RedHat Security Response Team.


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, x86_64

Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

RHEL Desktop Workstation (v. 5 client) - i386, x86_64

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64


Bugs Fixed

515698 - CVE-2009-2412 apr, apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management


Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved