Headline
RHSA-2023:3109: Red Hat Security Advisory: apr-util security update
An update for apr-util is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-25147: A flaw was found in the Apache Portable Runtime (APR) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.
Issued:
2023-05-16
Updated:
2023-05-16
RHSA-2023:3109 - Security Advisory
Synopsis
Important: apr-util security update
Type/Severity
Security Advisory: Important
Topic
An update for apr-util is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The Apache Portable Runtime (APR) is a portability library used by the
Apache HTTP Server and other projects. apr-util is a library which provides
additional utility interfaces for APR; including support for XML parsing,
LDAP, database interfaces, URI parsing, and more.
Security Fix(es):
- apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
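The length arithmetic behind an integer overflow of the kind described for CVE-2022-25147, shown as an added example (it is not apr-util's code and is not part of the advisory). It assumes the encoded size is held in a 32-bit signed int; all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Exact size needed to base64-encode len bytes: 4 characters per 3-byte
 * group (rounded up) plus a terminating NUL, computed in 64 bits. */
static int64_t b64_exact_size(uint32_t len) {
    return ((int64_t)len + 2) / 3 * 4 + 1;
}

/* Assumption for illustration: the size is stored in a 32-bit signed int.
 * Returns the value that int would hold after two's-complement truncation. */
static int32_t b64_size_in_int32(uint32_t len) {
    int64_t low = b64_exact_size(len) & 0xFFFFFFFFLL;
    return (int32_t)(low > INT32_MAX ? low - 4294967296LL : low);
}

/* Hardened size computation: 0 on success, -1 if the result would exceed
 * limit (the largest value the caller's length type can hold). The test is
 * arranged so that no intermediate value can overflow. */
static int b64_checked_size(size_t len, size_t limit, size_t *out) {
    size_t groups = len / 3 + (len % 3 != 0);
    if (limit < 1 || groups > (limit - 1) / 4)
        return -1;
    *out = groups * 4 + 1;
    return 0;
}

/* Largest input length whose encoded size still fits in limit. */
static size_t b64_max_input(size_t limit) {
    return limit < 1 ? 0 : (limit - 1) / 4 * 3;
}

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Encoder that sizes its buffer with the checked computation. Returns a
 * malloc'd NUL-terminated string, or NULL if the length is rejected. */
static char *b64_encode_checked(const unsigned char *src, size_t len, size_t limit) {
    size_t need, i, o = 0;
    char *dst;
    if (b64_checked_size(len, limit, &need) != 0 || (dst = malloc(need)) == NULL)
        return NULL;
    for (i = 0; i + 2 < len; i += 3) {          /* full 3-byte groups */
        dst[o++] = B64[src[i] >> 2];
        dst[o++] = B64[((src[i] & 0x03) << 4) | (src[i + 1] >> 4)];
        dst[o++] = B64[((src[i + 1] & 0x0F) << 2) | (src[i + 2] >> 6)];
        dst[o++] = B64[src[i + 2] & 0x3F];
    }
    if (i < len) {                              /* 1 or 2 trailing bytes */
        dst[o++] = B64[src[i] >> 2];
        if (i + 1 < len) {
            dst[o++] = B64[((src[i] & 0x03) << 4) | (src[i + 1] >> 4)];
            dst[o++] = B64[(src[i + 1] & 0x0F) << 2];
        } else {
            dst[o++] = B64[(src[i] & 0x03) << 4];
            dst[o++] = '=';
        }
        dst[o++] = '=';
    }
    dst[o] = '\0';
    return dst;
}

int main(void) {
    uint32_t edge = (uint32_t)b64_max_input(INT32_MAX);
    char *s = b64_encode_checked((const unsigned char *)"foobar", 6, INT32_MAX);
    printf("max safe input for a 32-bit int size: %u bytes\n", edge);
    printf("one byte more: exact=%lld int32=%d\n",
           (long long)b64_exact_size(edge + 1), b64_size_in_int32(edge + 1));
    printf("encoded: %s\n", s ? s : "(rejected)");
    free(s);
    return 0;
}
```

A buffer sized from the wrapped value is too small for the data the encoder then writes, which is how an integer overflow in a length calculation becomes an out-of-bounds write.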
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Applications using the APR libraries, such as httpd, must be restarted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64
Red Hat Enterprise Linux for x86_64 8
SRPM
apr-util-1.6.1-6.el8_8.1.src.rpm
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.