Headline
RHSA-2023:3145: Red Hat Security Advisory: apr-util security update
An update for apr-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-25147: A flaw was found in the Apache Portable Runtime (APR) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.
Synopsis
Important: apr-util security update
Type/Severity
Security Advisory: Important
Topic
An update for apr-util is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. apr-util is a library that provides additional utility interfaces for APR, including support for XML parsing, LDAP, database interfaces, URI parsing, and more.
Security Fix(es):
- apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
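The integer overflow named in the CVE-2022-25147 description belongs to a well-known bug class: a base64 buffer size computed in a narrow integer wraps for a very long input, so the size a caller allocates no longer matches what the encoder writes. The C example below is added here as an illustration and is not apr-util's code or Red Hat's patch; the function names, the 32-bit model of the length arithmetic, and the 1.5 GiB input length are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reinterpret a 32-bit pattern as signed without implementation-defined casts. */
static int32_t wrap_to_i32(uint32_t u)
{
    return u <= (uint32_t)INT32_MAX ? (int32_t)u
                                    : (int32_t)(u - 0x80000000u) + INT32_MIN;
}

/* Constructed model of the bug class: 4*ceil(len/3)+1 computed in 32 bits.
 * Unsigned arithmetic is used so the wraparound is well defined in this demo. */
static int32_t encode_len_32bit(int32_t len)
{
    uint32_t n = (((uint32_t)len + 2u) / 3u) * 4u + 1u;
    return wrap_to_i32(n);
}

/* Hardened length: size_t arithmetic with an explicit overflow check.
 * Returns 0 and stores the size (including the NUL) in *out, or -1. */
static int checked_encode_len(size_t len, size_t *out)
{
    size_t groups = len / 3 + (len % 3 != 0);   /* ceil(len/3) without len+2 */
    if (groups > (SIZE_MAX - 1) / 4)
        return -1;
    *out = groups * 4 + 1;
    return 0;
}

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Encodes src into dst only when dst_cap covers the checked length.
 * Returns 0 on success, -1 if the length overflows or dst is too small. */
static int encode_checked(const unsigned char *src, size_t len,
                          char *dst, size_t dst_cap)
{
    size_t need, i, o = 0;

    if (checked_encode_len(len, &need) != 0 || dst_cap < need)
        return -1;
    for (i = 0; i + 2 < len; i += 3) {
        dst[o++] = B64[src[i] >> 2];
        dst[o++] = B64[((src[i] & 0x03) << 4) | (src[i + 1] >> 4)];
        dst[o++] = B64[((src[i + 1] & 0x0f) << 2) | (src[i + 2] >> 6)];
        dst[o++] = B64[src[i + 2] & 0x3f];
    }
    if (i < len) {                              /* 1 or 2 trailing bytes */
        dst[o++] = B64[src[i] >> 2];
        if (i + 1 < len) {
            dst[o++] = B64[((src[i] & 0x03) << 4) | (src[i + 1] >> 4)];
            dst[o++] = B64[(src[i + 1] & 0x0f) << 2];
        } else {
            dst[o++] = B64[(src[i] & 0x03) << 4];
            dst[o++] = '=';
        }
        dst[o++] = '=';
    }
    dst[o] = '\0';
    return 0;
}

int main(void)
{
    char out[8];
    size_t need = 0;
    int32_t big = 1610612736;   /* constructed input length: 1.5 GiB */

    printf("32-bit length for %d bytes: %d\n",
           (int)big, (int)encode_len_32bit(big));
    if (checked_encode_len((size_t)big, &need) == 0)
        printf("checked length: %zu\n", need);
    if (encode_checked((const unsigned char *)"Ma", 2, out, sizeof out) == 0)
        printf("encoded: %s\n", out);
    printf("4-byte buffer rejected: %d\n",
           encode_checked((const unsigned char *)"Ma", 2, out, 4));
    return 0;
}
```

The 32-bit model reports a negative size for the 1.5 GiB input, while the checked helper either returns the true size or fails, and the encoder refuses any destination smaller than that size.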
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Applications using the APR libraries, such as httpd, must be restarted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Fixes
- BZ - 2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64
Red Hat Enterprise Linux Server 7
SRPM
apr-util-1.5.2-6.el7_9.1.src.rpm
x86_64
apr-util-1.5.2-6.el7_9.1.i686.rpm
apr-util-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-debuginfo-1.5.2-6.el7_9.1.i686.rpm
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-devel-1.5.2-6.el7_9.1.i686.rpm
apr-util-devel-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-ldap-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-mysql-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-nss-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-odbc-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-openssl-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-pgsql-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-sqlite-1.5.2-6.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Workstation 7
SRPM
apr-util-1.5.2-6.el7_9.1.src.rpm
x86_64
apr-util-1.5.2-6.el7_9.1.i686.rpm
apr-util-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-debuginfo-1.5.2-6.el7_9.1.i686.rpm
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-devel-1.5.2-6.el7_9.1.i686.rpm
apr-util-devel-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-ldap-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-mysql-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-nss-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-odbc-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-openssl-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-pgsql-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-sqlite-1.5.2-6.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Desktop 7
SRPM
apr-util-1.5.2-6.el7_9.1.src.rpm
x86_64
apr-util-1.5.2-6.el7_9.1.i686.rpm
apr-util-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-debuginfo-1.5.2-6.el7_9.1.i686.rpm
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-devel-1.5.2-6.el7_9.1.i686.rpm
apr-util-devel-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-ldap-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-mysql-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-nss-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-odbc-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-openssl-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-pgsql-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-sqlite-1.5.2-6.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 7
SRPM
apr-util-1.5.2-6.el7_9.1.src.rpm
s390x
apr-util-1.5.2-6.el7_9.1.s390.rpm
apr-util-1.5.2-6.el7_9.1.s390x.rpm
apr-util-debuginfo-1.5.2-6.el7_9.1.s390.rpm
apr-util-debuginfo-1.5.2-6.el7_9.1.s390x.rpm
apr-util-devel-1.5.2-6.el7_9.1.s390.rpm
apr-util-devel-1.5.2-6.el7_9.1.s390x.rpm
apr-util-ldap-1.5.2-6.el7_9.1.s390x.rpm
apr-util-mysql-1.5.2-6.el7_9.1.s390x.rpm
apr-util-nss-1.5.2-6.el7_9.1.s390x.rpm
apr-util-odbc-1.5.2-6.el7_9.1.s390x.rpm
apr-util-openssl-1.5.2-6.el7_9.1.s390x.rpm
apr-util-pgsql-1.5.2-6.el7_9.1.s390x.rpm
apr-util-sqlite-1.5.2-6.el7_9.1.s390x.rpm
Red Hat Enterprise Linux for Power, big endian 7
SRPM
apr-util-1.5.2-6.el7_9.1.src.rpm
ppc64
apr-util-1.5.2-6.el7_9.1.ppc.rpm
apr-util-1.5.2-6.el7_9.1.ppc64.rpm
apr-util-debuginfo-1.5.2-6.el7_9.1.ppc.rpm
apr-util-debuginfo-1.5.2-6.el7_9.1.ppc64.rpm
apr-util-devel-1.5.2-6.el7_9.1.ppc.rpm
apr-util-devel-1.5.2-6.el7_9.1.ppc64.rpm
apr-util-ldap-1.5.2-6.el7_9.1.ppc64.rpm
apr-util-mysql-1.5.2-6.el7_9.1.ppc64.rpm
apr-util-nss-1.5.2-6.el7_9.1.ppc64.rpm
apr-util-odbc-1.5.2-6.el7_9.1.ppc64.rpm
apr-util-openssl-1.5.2-6.el7_9.1.ppc64.rpm
apr-util-pgsql-1.5.2-6.el7_9.1.ppc64.rpm
apr-util-sqlite-1.5.2-6.el7_9.1.ppc64.rpm
Red Hat Enterprise Linux for Scientific Computing 7
SRPM
apr-util-1.5.2-6.el7_9.1.src.rpm
x86_64
apr-util-1.5.2-6.el7_9.1.i686.rpm
apr-util-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-debuginfo-1.5.2-6.el7_9.1.i686.rpm
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-devel-1.5.2-6.el7_9.1.i686.rpm
apr-util-devel-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-ldap-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-mysql-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-nss-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-odbc-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-openssl-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-pgsql-1.5.2-6.el7_9.1.x86_64.rpm
apr-util-sqlite-1.5.2-6.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux for Power, little endian 7
SRPM
apr-util-1.5.2-6.el7_9.1.src.rpm
ppc64le
apr-util-1.5.2-6.el7_9.1.ppc64le.rpm
apr-util-debuginfo-1.5.2-6.el7_9.1.ppc64le.rpm
apr-util-devel-1.5.2-6.el7_9.1.ppc64le.rpm
apr-util-ldap-1.5.2-6.el7_9.1.ppc64le.rpm
apr-util-mysql-1.5.2-6.el7_9.1.ppc64le.rpm
apr-util-nss-1.5.2-6.el7_9.1.ppc64le.rpm
apr-util-odbc-1.5.2-6.el7_9.1.ppc64le.rpm
apr-util-openssl-1.5.2-6.el7_9.1.ppc64le.rpm
apr-util-pgsql-1.5.2-6.el7_9.1.ppc64le.rpm
apr-util-sqlite-1.5.2-6.el7_9.1.ppc64le.rpm