Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:3380: Red Hat Security Advisory: apr-util security update

An update for apr-util is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-25147: A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.
Red Hat Security Data
#sql#vulnerability#linux#red_hat#apache#ldap#sap#ssl

Issued:

2023-05-31

Updated:

2023-05-31

RHSA-2023:3380 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: apr-util security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for apr-util is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more.

Security Fix(es):

  • apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Applications using the APR libraries, such as httpd, must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64

Fixes

  • BZ - 2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64

Red Hat Enterprise Linux Server - AUS 8.2

SRPM

apr-util-1.6.1-6.el8_2.1.src.rpm

SHA-256: ad2889b265268e1b336af3754ec6acbd801b06e489c6bc408c4d6add3913ff31

x86_64

apr-util-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 84f211989c9bc7d1f899f6fb113d0b72dfdc44b9c9625f0d9b43210b52d165be

apr-util-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 8cc904b1aca38fae7ae15248e1c54e087cecd9b4fe88a601bb8f1e04a1a4793f

apr-util-bdb-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 5ca534c22ea023d6c3afd20aa3a8e34ccb35eb74145d066aa890c6b2db759169

apr-util-bdb-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 404be51f9ebc8aeda015a31d981543a5c7629e2a31e1b3e28ea375c56963fd03

apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 41351a429cb2f130506f370ee19e5d997e30a6c604870e3feba72a98f3547f55

apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 5e71147179d664212f08e06faaf30d451789bddaabbd245bfe843ec72db11dd1

apr-util-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: eabbfba3abf5ec16b4c681f775608882f13eb712c82aabe857012ed2a7ebfc4e

apr-util-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 2483a925ff112e4107e4e08ca4c8ec4426b73a7f51e42bd1ffbc083adbaf0bcb

apr-util-debugsource-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 1a90fbed7537410b7fe7badae306ba62c791e864b7406ea18ff6986ae8121618

apr-util-debugsource-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: bfa81df182c94ff1c30b5fcbc8330464781026dea374c7bbff8db7adff7d277d

apr-util-devel-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 7bf049bdf92d545839716ca8a5f6979716f4ba73eacda9784048e230111d27ce

apr-util-devel-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 966a7c77da12e8b25228c5237f8a00089dd6bbedad4641a589a920d40bd09a82

apr-util-ldap-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 0944c99fa81574ce28d960e441abad5759bb19fee8bde87d7e6c0736ba4f946b

apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 79a352789b48ef013ec975de29f565d3b265bed3832922e18e2e6da376e29cca

apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 3976d97cc88f6e671d1b7df7c606facecf2bcf649a7cafa51216250c9386552f

apr-util-mysql-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: f8b4d26ca6d48b7e7d07dd54c6ef76bbfd2f0f08c400121c266eb45712619e75

apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: c17c73d120f140aaf7cfee1dc8956f2beca2c8f9c241a1c6660b835e1c50df5d

apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: c1f1b84b6869b8f1a03f6b6918411f309d6ff31cc39984a88d1e443cbec552e3

apr-util-odbc-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 52c2c7fb94ce29134891cfd33ef886aa2daf2a8f70530136391db73929a225c4

apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: b40b095b833cf3dc563b8094f08ce03a4b40e4e52fb1edf25f6836b2066b216f

apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: b5f35e3696f066466156148b44afa525f4f3d06179d1af3e62f20bc059cb709c

apr-util-openssl-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 1b2867184e8ab8d4eb429513c6e422c383fbc0b41b2105e2e9dc9e3577ed0c0b

apr-util-openssl-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 68865190c23f1a2136d766f1a414d41d12bd020b82572d492858964f18a05e35

apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: dbae31d5e13e64f4a9b03018582d195ae6e7aa6807e67fd49d031aceb35c1857

apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 0abf2b8c2f0c35b57b85abaac9a9814f0f522b3be29763f68b6e892d2d1377c9

apr-util-pgsql-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 56ee3b3f2dba9a358c42a10a17d34aa4a86d45d36f85d9b460f6b2d4dd9745ee

apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: f6421cedfc9cc3e04e45980699e81f9e5cc0e82c7bbc4385ffbe4dfbd9c856b1

apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: ac12cac130d847e793aba4e0c1b583cee4fb62a0f98984d9f6979a46f5f3320c

apr-util-sqlite-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: a801e19c653bf0528f8035f003a0bf8f0e85ec4c3afd42ba7e79648488cd49ea

apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 7a5f4abb7cb25a4045405a04ac5e0a58d6fde6a11c137a76de224f94616a2fc6

apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: f72b13142ac10f583d7335234d7e68d250200f3f8099652952de743c7422d359

Red Hat Enterprise Linux Server - TUS 8.2

SRPM

apr-util-1.6.1-6.el8_2.1.src.rpm

SHA-256: ad2889b265268e1b336af3754ec6acbd801b06e489c6bc408c4d6add3913ff31

x86_64

apr-util-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 84f211989c9bc7d1f899f6fb113d0b72dfdc44b9c9625f0d9b43210b52d165be

apr-util-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 8cc904b1aca38fae7ae15248e1c54e087cecd9b4fe88a601bb8f1e04a1a4793f

apr-util-bdb-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 5ca534c22ea023d6c3afd20aa3a8e34ccb35eb74145d066aa890c6b2db759169

apr-util-bdb-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 404be51f9ebc8aeda015a31d981543a5c7629e2a31e1b3e28ea375c56963fd03

apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 41351a429cb2f130506f370ee19e5d997e30a6c604870e3feba72a98f3547f55

apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 5e71147179d664212f08e06faaf30d451789bddaabbd245bfe843ec72db11dd1

apr-util-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: eabbfba3abf5ec16b4c681f775608882f13eb712c82aabe857012ed2a7ebfc4e

apr-util-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 2483a925ff112e4107e4e08ca4c8ec4426b73a7f51e42bd1ffbc083adbaf0bcb

apr-util-debugsource-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 1a90fbed7537410b7fe7badae306ba62c791e864b7406ea18ff6986ae8121618

apr-util-debugsource-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: bfa81df182c94ff1c30b5fcbc8330464781026dea374c7bbff8db7adff7d277d

apr-util-devel-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 7bf049bdf92d545839716ca8a5f6979716f4ba73eacda9784048e230111d27ce

apr-util-devel-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 966a7c77da12e8b25228c5237f8a00089dd6bbedad4641a589a920d40bd09a82

apr-util-ldap-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 0944c99fa81574ce28d960e441abad5759bb19fee8bde87d7e6c0736ba4f946b

apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 79a352789b48ef013ec975de29f565d3b265bed3832922e18e2e6da376e29cca

apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 3976d97cc88f6e671d1b7df7c606facecf2bcf649a7cafa51216250c9386552f

apr-util-mysql-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: f8b4d26ca6d48b7e7d07dd54c6ef76bbfd2f0f08c400121c266eb45712619e75

apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: c17c73d120f140aaf7cfee1dc8956f2beca2c8f9c241a1c6660b835e1c50df5d

apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: c1f1b84b6869b8f1a03f6b6918411f309d6ff31cc39984a88d1e443cbec552e3

apr-util-odbc-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 52c2c7fb94ce29134891cfd33ef886aa2daf2a8f70530136391db73929a225c4

apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: b40b095b833cf3dc563b8094f08ce03a4b40e4e52fb1edf25f6836b2066b216f

apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: b5f35e3696f066466156148b44afa525f4f3d06179d1af3e62f20bc059cb709c

apr-util-openssl-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 1b2867184e8ab8d4eb429513c6e422c383fbc0b41b2105e2e9dc9e3577ed0c0b

apr-util-openssl-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 68865190c23f1a2136d766f1a414d41d12bd020b82572d492858964f18a05e35

apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: dbae31d5e13e64f4a9b03018582d195ae6e7aa6807e67fd49d031aceb35c1857

apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 0abf2b8c2f0c35b57b85abaac9a9814f0f522b3be29763f68b6e892d2d1377c9

apr-util-pgsql-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 56ee3b3f2dba9a358c42a10a17d34aa4a86d45d36f85d9b460f6b2d4dd9745ee

apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: f6421cedfc9cc3e04e45980699e81f9e5cc0e82c7bbc4385ffbe4dfbd9c856b1

apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: ac12cac130d847e793aba4e0c1b583cee4fb62a0f98984d9f6979a46f5f3320c

apr-util-sqlite-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: a801e19c653bf0528f8035f003a0bf8f0e85ec4c3afd42ba7e79648488cd49ea

apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 7a5f4abb7cb25a4045405a04ac5e0a58d6fde6a11c137a76de224f94616a2fc6

apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: f72b13142ac10f583d7335234d7e68d250200f3f8099652952de743c7422d359

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2

SRPM

apr-util-1.6.1-6.el8_2.1.src.rpm

SHA-256: ad2889b265268e1b336af3754ec6acbd801b06e489c6bc408c4d6add3913ff31

ppc64le

apr-util-1.6.1-6.el8_2.1.ppc64le.rpm

SHA-256: f20d7ff0e2fdf12f51d83d38543a5f3369b2d556ed673b907d649db6fc5a5ff0

apr-util-bdb-1.6.1-6.el8_2.1.ppc64le.rpm

SHA-256: 358d1a34b6fb580bd9f7fd1bd390b9fecca0dfc4f2a3cebf2b5f1544e0bd8524

apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm

SHA-256: 7d6bc9be2bed1924ee9eb4e519afa141024771bebfb97844b214167c60735bc5

apr-util-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm

SHA-256: 76f40685b6c6f59cdb8920d37413fd36a23f32fd708fe0f11b76c422c1efdb06

apr-util-debugsource-1.6.1-6.el8_2.1.ppc64le.rpm

SHA-256: 0cdf765917c500cf13fef6b4a0d63f3537a1211be35e795a0e5c0681fdcfebf8

apr-util-devel-1.6.1-6.el8_2.1.ppc64le.rpm

SHA-256: b7aacfea4c933d00ae1916cd0c2a115e0c0c980817eb66e8b333fd83f5ef9200

apr-util-ldap-1.6.1-6.el8_2.1.ppc64le.rpm

SHA-256: 70c1e48e282ce917beb27d1464ff8fcd60055586148c77ccfc7d6c2056491341

apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm

SHA-256: 73c7a1e3446590cf64784fbf7c6cdfac92a614cbbdeb3e70834374a38721ea42

apr-util-mysql-1.6.1-6.el8_2.1.ppc64le.rpm

SHA-256: 82a236d5db2afcafc85c904acf1fc09cc398c9b7881caee96490f063861345b5

apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm

SHA-256: c5a34e5800bec081f03c3c7fcde206c917d78a15b16a926736b34880b54a92a0

apr-util-odbc-1.6.1-6.el8_2.1.ppc64le.rpm

SHA-256: 2f2080b1cc83b9662fc62a61dd0b2a2570c536a928c94d98c10f7362d1f618ee

apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm

SHA-256: fe2b75ddd2efcfe3f96d876cbf7b4be45609235a331b56e491aa62c10d4fca15

apr-util-openssl-1.6.1-6.el8_2.1.ppc64le.rpm

SHA-256: ab53ca03d4565edb8de68b19e0bb3cd341a2a7b93965defd5efd1335b538a7c3

apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm

SHA-256: 4be3ee7291376af74160da6511ff7c05c520564eb8f7210aa55bd93143acbc87

apr-util-pgsql-1.6.1-6.el8_2.1.ppc64le.rpm

SHA-256: c3c357a52309019de3fe9f17bd10258f8d15225d96c30708a726c7a636d49718

apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm

SHA-256: e6743ae320fbd49b68b83912bdf670ff74d5c274d966e4f9d88ceda4e870bf6e

apr-util-sqlite-1.6.1-6.el8_2.1.ppc64le.rpm

SHA-256: 3c7b759bc273c42b7f1d5ec35286f79039fc6f8751d7c8ae6b3f91b989f4face

apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm

SHA-256: 96a53f5a266f645e503baf23a625d9f94dd01172b78c5387a52ce12c691909d1

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2

SRPM

apr-util-1.6.1-6.el8_2.1.src.rpm

SHA-256: ad2889b265268e1b336af3754ec6acbd801b06e489c6bc408c4d6add3913ff31

x86_64

apr-util-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 84f211989c9bc7d1f899f6fb113d0b72dfdc44b9c9625f0d9b43210b52d165be

apr-util-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 8cc904b1aca38fae7ae15248e1c54e087cecd9b4fe88a601bb8f1e04a1a4793f

apr-util-bdb-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 5ca534c22ea023d6c3afd20aa3a8e34ccb35eb74145d066aa890c6b2db759169

apr-util-bdb-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 404be51f9ebc8aeda015a31d981543a5c7629e2a31e1b3e28ea375c56963fd03

apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 41351a429cb2f130506f370ee19e5d997e30a6c604870e3feba72a98f3547f55

apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 5e71147179d664212f08e06faaf30d451789bddaabbd245bfe843ec72db11dd1

apr-util-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: eabbfba3abf5ec16b4c681f775608882f13eb712c82aabe857012ed2a7ebfc4e

apr-util-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 2483a925ff112e4107e4e08ca4c8ec4426b73a7f51e42bd1ffbc083adbaf0bcb

apr-util-debugsource-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 1a90fbed7537410b7fe7badae306ba62c791e864b7406ea18ff6986ae8121618

apr-util-debugsource-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: bfa81df182c94ff1c30b5fcbc8330464781026dea374c7bbff8db7adff7d277d

apr-util-devel-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 7bf049bdf92d545839716ca8a5f6979716f4ba73eacda9784048e230111d27ce

apr-util-devel-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 966a7c77da12e8b25228c5237f8a00089dd6bbedad4641a589a920d40bd09a82

apr-util-ldap-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 0944c99fa81574ce28d960e441abad5759bb19fee8bde87d7e6c0736ba4f946b

apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 79a352789b48ef013ec975de29f565d3b265bed3832922e18e2e6da376e29cca

apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 3976d97cc88f6e671d1b7df7c606facecf2bcf649a7cafa51216250c9386552f

apr-util-mysql-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: f8b4d26ca6d48b7e7d07dd54c6ef76bbfd2f0f08c400121c266eb45712619e75

apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: c17c73d120f140aaf7cfee1dc8956f2beca2c8f9c241a1c6660b835e1c50df5d

apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: c1f1b84b6869b8f1a03f6b6918411f309d6ff31cc39984a88d1e443cbec552e3

apr-util-odbc-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 52c2c7fb94ce29134891cfd33ef886aa2daf2a8f70530136391db73929a225c4

apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: b40b095b833cf3dc563b8094f08ce03a4b40e4e52fb1edf25f6836b2066b216f

apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: b5f35e3696f066466156148b44afa525f4f3d06179d1af3e62f20bc059cb709c

apr-util-openssl-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 1b2867184e8ab8d4eb429513c6e422c383fbc0b41b2105e2e9dc9e3577ed0c0b

apr-util-openssl-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 68865190c23f1a2136d766f1a414d41d12bd020b82572d492858964f18a05e35

apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: dbae31d5e13e64f4a9b03018582d195ae6e7aa6807e67fd49d031aceb35c1857

apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 0abf2b8c2f0c35b57b85abaac9a9814f0f522b3be29763f68b6e892d2d1377c9

apr-util-pgsql-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: 56ee3b3f2dba9a358c42a10a17d34aa4a86d45d36f85d9b460f6b2d4dd9745ee

apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: f6421cedfc9cc3e04e45980699e81f9e5cc0e82c7bbc4385ffbe4dfbd9c856b1

apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: ac12cac130d847e793aba4e0c1b583cee4fb62a0f98984d9f6979a46f5f3320c

apr-util-sqlite-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: a801e19c653bf0528f8035f003a0bf8f0e85ec4c3afd42ba7e79648488cd49ea

apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.i686.rpm

SHA-256: 7a5f4abb7cb25a4045405a04ac5e0a58d6fde6a11c137a76de224f94616a2fc6

apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

SHA-256: f72b13142ac10f583d7335234d7e68d250200f3f8099652952de743c7422d359

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

RHSA-2023:3495: Red Hat Security Advisory: Logging Subsystem 5.7.2 - Red Hat OpenShift security update

Logging Subsystem 5.7.2 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpe...

Red Hat Security Advisory 2023-3309-01

Red Hat Security Advisory 2023-3309-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.42. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-3287-01

Red Hat Security Advisory 2023-3287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.19. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-3380-01

Red Hat Security Advisory 2023-3380-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

RHSA-2023:3354: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update

An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 on Red Hat Enterprise Linux versions 7 and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-4304: A timing-based side channel exists in the Open...

RHSA-2023:3355: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficien...

RHSA-2023:3309: Red Hat Security Advisory: OpenShift Container Platform 4.11.42 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...

RHSA-2023:3304: Red Hat Security Advisory: OpenShift Container Platform 4.13.1 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a ...

Red Hat Security Advisory 2023-3177-01

Red Hat Security Advisory 2023-3177-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2023-3145-01

Red Hat Security Advisory 2023-3145-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2023-3147-01

Red Hat Security Advisory 2023-3147-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2023-3146-01

Red Hat Security Advisory 2023-3146-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

RHSA-2023:3177: Red Hat Security Advisory: apr-util security update

An update for apr-util is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25147: A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.

RHSA-2023:3145: Red Hat Security Advisory: apr-util security update

An update for apr-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25147: A flaw was found in the Apache Portable Runtime (APR) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.

RHSA-2023:3109: Red Hat Security Advisory: apr-util security update

An update for apr-util is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25147: A flaw was found in the Apache Portable Runtime (APR) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.

Debian Security Advisory 5364-1

Debian Linux Security Advisory 5364-1 - Ronald Crane discovered that missing input saniting in the apr_base64 functions of apr-util, the Apache Portable Runtime utility library, may result in denial of service or potentially the execution of arbitrary code.

Ubuntu Security Notice USN-5870-1

Ubuntu Security Notice 5870-1 - Ronald Crane discovered that APR-util did not properly handled memory when encoding or decoding certain input data. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.

CVE-2022-25147

Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.