| Description: | Description:
The remote host is missing an update to apr-util
announced via advisory FEDORA-2004-307.
Testing using the Codenomicon HTTP Test Tool performed by the Apache
Software Foundation security group and Red Hat uncovered an input
validation issue in the IPv6 URI parsing routines in the apr-util
library. If a remote attacker sent a request including a carefully
crafted URI, an httpd child process could be made to crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-0786 to this issue.
This update includes a backported patch for this issue.
* Wed Sep 15 2004 Joe Orton 0.9.4-2.1
- add security fix for CVE-2004-0786
- add fix for SHA1 password support
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
a20b967ffa4e004ba2c24ae6f6d0285b SRPMS/apr-util-0.9.4-2.1.src.rpm
51a0579a62f8a8883946b88863aec3d0 x86_64/apr-util-0.9.4-2.1.x86_64.rpm
814f6f5290b802b1997da32c569034c1 x86_64/apr-util-devel-0.9.4-2.1.x86_64.rpm
0344e8181664d9e6b37bc298fe79cc95 x86_64/debug/apr-util-debuginfo-0.9.4-2.1.x86_64.rpm
6d8df3d6e25c851161e1865f96eab6b4 i386/apr-util-0.9.4-2.1.i386.rpm
bcf23f81f50ff80b3fff315b1a6aff92 i386/apr-util-devel-0.9.4-2.1.i386.rpm
ea3b514f7544b0eef8deacf1b4e57a62 i386/debug/apr-util-debuginfo-0.9.4-2.1.i386.rpm
This update can also be installed with the Update Agent
you can
launch the Update Agent with the 'up2date' command.
Solution: Apply the appropriate updates.
http://www.fedoranews.org/updates/FEDORA-2004-307.shtml
Risk factor : Medium
CVSS Score:
5.0
|
