| Description: | Description:
The remote host is missing an update to apr-util
announced via advisory FEDORA-2004-308.
The mission of the Apache Portable Runtime (APR) is to provide a
free library of C data structures and routines. This library
contains additional utility interfaces for APR
including support
for XML, LDAP, database interfaces, URI parsing and more.
Update Information:
Testing using the Codenomicon HTTP Test Tool performed by the Apache
Software Foundation security group and Red Hat uncovered an input
validation issue in the IPv6 URI parsing routines in the apr-util
library. If a remote attacker sent a request including a carefully
crafted URI, an httpd child process could be made to crash. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0786 to this issue.
This update includes a backported fix for this issue.
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
707beabca3584d07dbcd3614b80093cb SRPMS/apr-util-0.9.4-14.2.src.rpm
902896dacdd450d100949c5a5af98f93 x86_64/apr-util-0.9.4-14.2.x86_64.rpm
58781e97602be02bb0b37d7039aaed78 x86_64/apr-util-devel-0.9.4-14.2.x86_64.rpm
02ef6a9f2c5651c7db6cd33432b86058 x86_64/debug/apr-util-debuginfo-0.9.4-14.2.x86_64.rpm
70b1159aff827af2930b5488064c4a00 i386/apr-util-0.9.4-14.2.i386.rpm
f602170d5cf714238b2a91f4ce4ae052 i386/apr-util-devel-0.9.4-14.2.i386.rpm
d9b03f13abf22c32ac291da2ce2a5a10 i386/debug/apr-util-debuginfo-0.9.4-14.2.i386.rpm
This update can also be installed with the Update Agent
you can
launch the Update Agent with the 'up2date' command.
Solution: Apply the appropriate updates.
http://www.fedoranews.org/updates/FEDORA-2004-308.shtml
Risk factor : Medium
CVSS Score:
5.0
|
