Headline
RHSA-2023:3380: Red Hat Security Advisory: apr-util security update
An update for apr-util is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-25147: A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.
Issued:
2023-05-31
Updated:
2023-05-31
RHSA-2023:3380 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: apr-util security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for apr-util is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more.
Security Fix(es):
- apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Applications using the APR libraries, such as httpd, must be restarted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux Server - AUS 8.2 x86_64
- Red Hat Enterprise Linux Server - TUS 8.2 x86_64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64
Fixes
- BZ - 2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64
Red Hat Enterprise Linux Server - AUS 8.2
SRPM
apr-util-1.6.1-6.el8_2.1.src.rpm
SHA-256: ad2889b265268e1b336af3754ec6acbd801b06e489c6bc408c4d6add3913ff31
x86_64
apr-util-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 84f211989c9bc7d1f899f6fb113d0b72dfdc44b9c9625f0d9b43210b52d165be
apr-util-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 8cc904b1aca38fae7ae15248e1c54e087cecd9b4fe88a601bb8f1e04a1a4793f
apr-util-bdb-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 5ca534c22ea023d6c3afd20aa3a8e34ccb35eb74145d066aa890c6b2db759169
apr-util-bdb-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 404be51f9ebc8aeda015a31d981543a5c7629e2a31e1b3e28ea375c56963fd03
apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 41351a429cb2f130506f370ee19e5d997e30a6c604870e3feba72a98f3547f55
apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 5e71147179d664212f08e06faaf30d451789bddaabbd245bfe843ec72db11dd1
apr-util-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: eabbfba3abf5ec16b4c681f775608882f13eb712c82aabe857012ed2a7ebfc4e
apr-util-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 2483a925ff112e4107e4e08ca4c8ec4426b73a7f51e42bd1ffbc083adbaf0bcb
apr-util-debugsource-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 1a90fbed7537410b7fe7badae306ba62c791e864b7406ea18ff6986ae8121618
apr-util-debugsource-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: bfa81df182c94ff1c30b5fcbc8330464781026dea374c7bbff8db7adff7d277d
apr-util-devel-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 7bf049bdf92d545839716ca8a5f6979716f4ba73eacda9784048e230111d27ce
apr-util-devel-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 966a7c77da12e8b25228c5237f8a00089dd6bbedad4641a589a920d40bd09a82
apr-util-ldap-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 0944c99fa81574ce28d960e441abad5759bb19fee8bde87d7e6c0736ba4f946b
apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 79a352789b48ef013ec975de29f565d3b265bed3832922e18e2e6da376e29cca
apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 3976d97cc88f6e671d1b7df7c606facecf2bcf649a7cafa51216250c9386552f
apr-util-mysql-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: f8b4d26ca6d48b7e7d07dd54c6ef76bbfd2f0f08c400121c266eb45712619e75
apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: c17c73d120f140aaf7cfee1dc8956f2beca2c8f9c241a1c6660b835e1c50df5d
apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: c1f1b84b6869b8f1a03f6b6918411f309d6ff31cc39984a88d1e443cbec552e3
apr-util-odbc-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 52c2c7fb94ce29134891cfd33ef886aa2daf2a8f70530136391db73929a225c4
apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: b40b095b833cf3dc563b8094f08ce03a4b40e4e52fb1edf25f6836b2066b216f
apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: b5f35e3696f066466156148b44afa525f4f3d06179d1af3e62f20bc059cb709c
apr-util-openssl-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 1b2867184e8ab8d4eb429513c6e422c383fbc0b41b2105e2e9dc9e3577ed0c0b
apr-util-openssl-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 68865190c23f1a2136d766f1a414d41d12bd020b82572d492858964f18a05e35
apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: dbae31d5e13e64f4a9b03018582d195ae6e7aa6807e67fd49d031aceb35c1857
apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 0abf2b8c2f0c35b57b85abaac9a9814f0f522b3be29763f68b6e892d2d1377c9
apr-util-pgsql-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 56ee3b3f2dba9a358c42a10a17d34aa4a86d45d36f85d9b460f6b2d4dd9745ee
apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: f6421cedfc9cc3e04e45980699e81f9e5cc0e82c7bbc4385ffbe4dfbd9c856b1
apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: ac12cac130d847e793aba4e0c1b583cee4fb62a0f98984d9f6979a46f5f3320c
apr-util-sqlite-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: a801e19c653bf0528f8035f003a0bf8f0e85ec4c3afd42ba7e79648488cd49ea
apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 7a5f4abb7cb25a4045405a04ac5e0a58d6fde6a11c137a76de224f94616a2fc6
apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: f72b13142ac10f583d7335234d7e68d250200f3f8099652952de743c7422d359
Red Hat Enterprise Linux Server - TUS 8.2
SRPM
apr-util-1.6.1-6.el8_2.1.src.rpm
SHA-256: ad2889b265268e1b336af3754ec6acbd801b06e489c6bc408c4d6add3913ff31
x86_64
apr-util-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 84f211989c9bc7d1f899f6fb113d0b72dfdc44b9c9625f0d9b43210b52d165be
apr-util-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 8cc904b1aca38fae7ae15248e1c54e087cecd9b4fe88a601bb8f1e04a1a4793f
apr-util-bdb-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 5ca534c22ea023d6c3afd20aa3a8e34ccb35eb74145d066aa890c6b2db759169
apr-util-bdb-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 404be51f9ebc8aeda015a31d981543a5c7629e2a31e1b3e28ea375c56963fd03
apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 41351a429cb2f130506f370ee19e5d997e30a6c604870e3feba72a98f3547f55
apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 5e71147179d664212f08e06faaf30d451789bddaabbd245bfe843ec72db11dd1
apr-util-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: eabbfba3abf5ec16b4c681f775608882f13eb712c82aabe857012ed2a7ebfc4e
apr-util-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 2483a925ff112e4107e4e08ca4c8ec4426b73a7f51e42bd1ffbc083adbaf0bcb
apr-util-debugsource-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 1a90fbed7537410b7fe7badae306ba62c791e864b7406ea18ff6986ae8121618
apr-util-debugsource-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: bfa81df182c94ff1c30b5fcbc8330464781026dea374c7bbff8db7adff7d277d
apr-util-devel-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 7bf049bdf92d545839716ca8a5f6979716f4ba73eacda9784048e230111d27ce
apr-util-devel-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 966a7c77da12e8b25228c5237f8a00089dd6bbedad4641a589a920d40bd09a82
apr-util-ldap-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 0944c99fa81574ce28d960e441abad5759bb19fee8bde87d7e6c0736ba4f946b
apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 79a352789b48ef013ec975de29f565d3b265bed3832922e18e2e6da376e29cca
apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 3976d97cc88f6e671d1b7df7c606facecf2bcf649a7cafa51216250c9386552f
apr-util-mysql-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: f8b4d26ca6d48b7e7d07dd54c6ef76bbfd2f0f08c400121c266eb45712619e75
apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: c17c73d120f140aaf7cfee1dc8956f2beca2c8f9c241a1c6660b835e1c50df5d
apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: c1f1b84b6869b8f1a03f6b6918411f309d6ff31cc39984a88d1e443cbec552e3
apr-util-odbc-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 52c2c7fb94ce29134891cfd33ef886aa2daf2a8f70530136391db73929a225c4
apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: b40b095b833cf3dc563b8094f08ce03a4b40e4e52fb1edf25f6836b2066b216f
apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: b5f35e3696f066466156148b44afa525f4f3d06179d1af3e62f20bc059cb709c
apr-util-openssl-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 1b2867184e8ab8d4eb429513c6e422c383fbc0b41b2105e2e9dc9e3577ed0c0b
apr-util-openssl-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 68865190c23f1a2136d766f1a414d41d12bd020b82572d492858964f18a05e35
apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: dbae31d5e13e64f4a9b03018582d195ae6e7aa6807e67fd49d031aceb35c1857
apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 0abf2b8c2f0c35b57b85abaac9a9814f0f522b3be29763f68b6e892d2d1377c9
apr-util-pgsql-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 56ee3b3f2dba9a358c42a10a17d34aa4a86d45d36f85d9b460f6b2d4dd9745ee
apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: f6421cedfc9cc3e04e45980699e81f9e5cc0e82c7bbc4385ffbe4dfbd9c856b1
apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: ac12cac130d847e793aba4e0c1b583cee4fb62a0f98984d9f6979a46f5f3320c
apr-util-sqlite-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: a801e19c653bf0528f8035f003a0bf8f0e85ec4c3afd42ba7e79648488cd49ea
apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 7a5f4abb7cb25a4045405a04ac5e0a58d6fde6a11c137a76de224f94616a2fc6
apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: f72b13142ac10f583d7335234d7e68d250200f3f8099652952de743c7422d359
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2
SRPM
apr-util-1.6.1-6.el8_2.1.src.rpm
SHA-256: ad2889b265268e1b336af3754ec6acbd801b06e489c6bc408c4d6add3913ff31
ppc64le
apr-util-1.6.1-6.el8_2.1.ppc64le.rpm
SHA-256: f20d7ff0e2fdf12f51d83d38543a5f3369b2d556ed673b907d649db6fc5a5ff0
apr-util-bdb-1.6.1-6.el8_2.1.ppc64le.rpm
SHA-256: 358d1a34b6fb580bd9f7fd1bd390b9fecca0dfc4f2a3cebf2b5f1544e0bd8524
apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm
SHA-256: 7d6bc9be2bed1924ee9eb4e519afa141024771bebfb97844b214167c60735bc5
apr-util-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm
SHA-256: 76f40685b6c6f59cdb8920d37413fd36a23f32fd708fe0f11b76c422c1efdb06
apr-util-debugsource-1.6.1-6.el8_2.1.ppc64le.rpm
SHA-256: 0cdf765917c500cf13fef6b4a0d63f3537a1211be35e795a0e5c0681fdcfebf8
apr-util-devel-1.6.1-6.el8_2.1.ppc64le.rpm
SHA-256: b7aacfea4c933d00ae1916cd0c2a115e0c0c980817eb66e8b333fd83f5ef9200
apr-util-ldap-1.6.1-6.el8_2.1.ppc64le.rpm
SHA-256: 70c1e48e282ce917beb27d1464ff8fcd60055586148c77ccfc7d6c2056491341
apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm
SHA-256: 73c7a1e3446590cf64784fbf7c6cdfac92a614cbbdeb3e70834374a38721ea42
apr-util-mysql-1.6.1-6.el8_2.1.ppc64le.rpm
SHA-256: 82a236d5db2afcafc85c904acf1fc09cc398c9b7881caee96490f063861345b5
apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm
SHA-256: c5a34e5800bec081f03c3c7fcde206c917d78a15b16a926736b34880b54a92a0
apr-util-odbc-1.6.1-6.el8_2.1.ppc64le.rpm
SHA-256: 2f2080b1cc83b9662fc62a61dd0b2a2570c536a928c94d98c10f7362d1f618ee
apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm
SHA-256: fe2b75ddd2efcfe3f96d876cbf7b4be45609235a331b56e491aa62c10d4fca15
apr-util-openssl-1.6.1-6.el8_2.1.ppc64le.rpm
SHA-256: ab53ca03d4565edb8de68b19e0bb3cd341a2a7b93965defd5efd1335b538a7c3
apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm
SHA-256: 4be3ee7291376af74160da6511ff7c05c520564eb8f7210aa55bd93143acbc87
apr-util-pgsql-1.6.1-6.el8_2.1.ppc64le.rpm
SHA-256: c3c357a52309019de3fe9f17bd10258f8d15225d96c30708a726c7a636d49718
apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm
SHA-256: e6743ae320fbd49b68b83912bdf670ff74d5c274d966e4f9d88ceda4e870bf6e
apr-util-sqlite-1.6.1-6.el8_2.1.ppc64le.rpm
SHA-256: 3c7b759bc273c42b7f1d5ec35286f79039fc6f8751d7c8ae6b3f91b989f4face
apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm
SHA-256: 96a53f5a266f645e503baf23a625d9f94dd01172b78c5387a52ce12c691909d1
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2
SRPM
apr-util-1.6.1-6.el8_2.1.src.rpm
SHA-256: ad2889b265268e1b336af3754ec6acbd801b06e489c6bc408c4d6add3913ff31
x86_64
apr-util-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 84f211989c9bc7d1f899f6fb113d0b72dfdc44b9c9625f0d9b43210b52d165be
apr-util-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 8cc904b1aca38fae7ae15248e1c54e087cecd9b4fe88a601bb8f1e04a1a4793f
apr-util-bdb-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 5ca534c22ea023d6c3afd20aa3a8e34ccb35eb74145d066aa890c6b2db759169
apr-util-bdb-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 404be51f9ebc8aeda015a31d981543a5c7629e2a31e1b3e28ea375c56963fd03
apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 41351a429cb2f130506f370ee19e5d997e30a6c604870e3feba72a98f3547f55
apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 5e71147179d664212f08e06faaf30d451789bddaabbd245bfe843ec72db11dd1
apr-util-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: eabbfba3abf5ec16b4c681f775608882f13eb712c82aabe857012ed2a7ebfc4e
apr-util-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 2483a925ff112e4107e4e08ca4c8ec4426b73a7f51e42bd1ffbc083adbaf0bcb
apr-util-debugsource-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 1a90fbed7537410b7fe7badae306ba62c791e864b7406ea18ff6986ae8121618
apr-util-debugsource-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: bfa81df182c94ff1c30b5fcbc8330464781026dea374c7bbff8db7adff7d277d
apr-util-devel-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 7bf049bdf92d545839716ca8a5f6979716f4ba73eacda9784048e230111d27ce
apr-util-devel-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 966a7c77da12e8b25228c5237f8a00089dd6bbedad4641a589a920d40bd09a82
apr-util-ldap-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 0944c99fa81574ce28d960e441abad5759bb19fee8bde87d7e6c0736ba4f946b
apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 79a352789b48ef013ec975de29f565d3b265bed3832922e18e2e6da376e29cca
apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 3976d97cc88f6e671d1b7df7c606facecf2bcf649a7cafa51216250c9386552f
apr-util-mysql-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: f8b4d26ca6d48b7e7d07dd54c6ef76bbfd2f0f08c400121c266eb45712619e75
apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: c17c73d120f140aaf7cfee1dc8956f2beca2c8f9c241a1c6660b835e1c50df5d
apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: c1f1b84b6869b8f1a03f6b6918411f309d6ff31cc39984a88d1e443cbec552e3
apr-util-odbc-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 52c2c7fb94ce29134891cfd33ef886aa2daf2a8f70530136391db73929a225c4
apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: b40b095b833cf3dc563b8094f08ce03a4b40e4e52fb1edf25f6836b2066b216f
apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: b5f35e3696f066466156148b44afa525f4f3d06179d1af3e62f20bc059cb709c
apr-util-openssl-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 1b2867184e8ab8d4eb429513c6e422c383fbc0b41b2105e2e9dc9e3577ed0c0b
apr-util-openssl-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 68865190c23f1a2136d766f1a414d41d12bd020b82572d492858964f18a05e35
apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: dbae31d5e13e64f4a9b03018582d195ae6e7aa6807e67fd49d031aceb35c1857
apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 0abf2b8c2f0c35b57b85abaac9a9814f0f522b3be29763f68b6e892d2d1377c9
apr-util-pgsql-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: 56ee3b3f2dba9a358c42a10a17d34aa4a86d45d36f85d9b460f6b2d4dd9745ee
apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: f6421cedfc9cc3e04e45980699e81f9e5cc0e82c7bbc4385ffbe4dfbd9c856b1
apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: ac12cac130d847e793aba4e0c1b583cee4fb62a0f98984d9f6979a46f5f3320c
apr-util-sqlite-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: a801e19c653bf0528f8035f003a0bf8f0e85ec4c3afd42ba7e79648488cd49ea
apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.i686.rpm
SHA-256: 7a5f4abb7cb25a4045405a04ac5e0a58d6fde6a11c137a76de224f94616a2fc6
apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm
SHA-256: f72b13142ac10f583d7335234d7e68d250200f3f8099652952de743c7422d359
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).
Logging Subsystem 5.7.2 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpe...
Red Hat Security Advisory 2023-3309-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.42. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.19. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3380-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.
An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 on Red Hat Enterprise Linux versions 7 and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-4304: A timing-based side channel exists in the Open...
Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficien...
Red Hat OpenShift Container Platform release 4.11.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...
Red Hat OpenShift Container Platform release 4.13.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a ...
Red Hat Security Advisory 2023-3177-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2023-3145-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2023-3147-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2023-3146-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.
An update for apr-util is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25147: A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.
An update for apr-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25147: A flaw was found in the Apache Portable Runtime (APR) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.
An update for apr-util is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25147: A flaw was found in the Apache Portable Runtime (APR) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.
Debian Linux Security Advisory 5364-1 - Ronald Crane discovered that missing input saniting in the apr_base64 functions of apr-util, the Apache Portable Runtime utility library, may result in denial of service or potentially the execution of arbitrary code.
Ubuntu Security Notice 5870-1 - Ronald Crane discovered that APR-util did not properly handled memory when encoding or decoding certain input data. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.