Skip to navigation

Security Advisory Moderate: apr-util security update

Advisory: RHSA-2009:1107-1
Type: Security Advisory
Severity: Moderate
Issued on: 2009-06-16
Last updated on: 2009-06-16
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.8.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.8.z)
Red Hat Enterprise Linux EUS (v. 5.3.z server)
Red Hat Enterprise Linux Long Life (v. 5.3 server)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2009-0023
CVE-2009-1955
CVE-2009-1956

Details

Updated apr-util packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

apr-util is a utility library used with the Apache Portable Runtime (APR).
It aims to provide a free library of C data structures and routines. This
library contains additional utility interfaces for APR; including support
for XML, LDAP, database interfaces, URI parsing, and more.

An off-by-one overflow flaw was found in the way apr-util processed a
variable list of arguments. An attacker could provide a specially-crafted
string as input for the formatted output conversion routine, which could,
on big-endian platforms, potentially lead to the disclosure of sensitive
information or a denial of service (application crash). (CVE-2009-1956)

Note: The CVE-2009-1956 flaw only affects big-endian platforms, such as the
IBM S/390 and PowerPC. It does not affect users using the apr-util package
on little-endian platforms, due to their different organization of byte
ordering used to represent particular data.

A denial of service flaw was found in the apr-util Extensible Markup
Language (XML) parser. A remote attacker could create a specially-crafted
XML document that would cause excessive memory consumption when processed
by the XML decoding engine. (CVE-2009-1955)

A heap-based underwrite flaw was found in the way apr-util created compiled
forms of particular search patterns. An attacker could formulate a
specially-crafted search keyword, that would overwrite arbitrary heap
memory locations when processed by the pattern preparation engine.
(CVE-2009-0023)

All apr-util users should upgrade to these updated packages, which contain
backported patches to correct these issues. Applications using the Apache
Portable Runtime library, such as httpd, must be restarted for this update
to take effect.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)
SRPMS:
apr-util-1.2.7-7.el5_3.1.src.rpm
File outdated by:  RHSA-2010:0950		     MD5: 21881b84144575c694d603dabdd466a2
 
IA-32:
apr-util-devel-1.2.7-7.el5_3.1.i386.rpm
File outdated by:  RHSA-2010:0950		     MD5: 00b888aa101f7bbec23cb9223458e769
 
x86_64:
apr-util-devel-1.2.7-7.el5_3.1.i386.rpm
File outdated by:  RHSA-2010:0950		     MD5: 00b888aa101f7bbec23cb9223458e769
apr-util-devel-1.2.7-7.el5_3.1.x86_64.rpm
File outdated by:  RHSA-2010:0950		     MD5: d22ed0253c474f874064929db667c426
 
Red Hat Desktop (v. 4)
SRPMS:
apr-util-0.9.4-22.el4_8.1.src.rpm
File outdated by:  RHSA-2010:0950		     MD5: 2918a8258737a5b7abe9f706bda9f593
 
IA-32:
apr-util-0.9.4-22.el4_8.1.i386.rpm
File outdated by:  RHSA-2010:0950		     MD5: 140c9a58339de64efc237ba76af54ccd
apr-util-devel-0.9.4-22.el4_8.1.i386.rpm
File outdated by:  RHSA-2010:0950		     MD5: c057f5001789cf981bbbeaddc0b68431
 
x86_64:
apr-util-0.9.4-22.el4_8.1.x86_64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 5bd829321760bd9dcf140a97a99374b3
apr-util-devel-0.9.4-22.el4_8.1.x86_64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 66a79e28e304acda1956f02eeda1edb8
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
apr-util-1.2.7-7.el5_3.1.src.rpm
File outdated by:  RHSA-2010:0950		     MD5: 21881b84144575c694d603dabdd466a2
 
IA-32:
apr-util-1.2.7-7.el5_3.1.i386.rpm
File outdated by:  RHSA-2010:0950		     MD5: 06b66a919b15a5c20eac2db3ebe83255
apr-util-devel-1.2.7-7.el5_3.1.i386.rpm
File outdated by:  RHSA-2010:0950		     MD5: 00b888aa101f7bbec23cb9223458e769
apr-util-docs-1.2.7-7.el5_3.1.i386.rpm
File outdated by:  RHSA-2010:0950		     MD5: 235e7183e64bfc2cd58b5b7cab446740
 
IA-64:
apr-util-1.2.7-7.el5_3.1.ia64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 70b7039ce586cb82a4058f3f8ce3f7db
apr-util-devel-1.2.7-7.el5_3.1.ia64.rpm
File outdated by:  RHSA-2010:0950		     MD5: fa80e39f239a9b544dc2b454c94a1d69
apr-util-docs-1.2.7-7.el5_3.1.ia64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 740dca9eb742203d767f6ab713ad2fa9
 
PPC:
apr-util-1.2.7-7.el5_3.1.ppc.rpm
File outdated by:  RHSA-2010:0950		     MD5: 9d7ad81068b42b405769740d6232ed05
apr-util-1.2.7-7.el5_3.1.ppc64.rpm
File outdated by:  RHSA-2010:0950		     MD5: a8b6bff9204baa869b64459d2c9949cb
apr-util-devel-1.2.7-7.el5_3.1.ppc.rpm
File outdated by:  RHSA-2010:0950		     MD5: 46f3d75a8194f94d205f3889680eb780
apr-util-devel-1.2.7-7.el5_3.1.ppc64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 07963ab7a0e01547ce8dcbcdf5cf6e27
apr-util-docs-1.2.7-7.el5_3.1.ppc.rpm
File outdated by:  RHSA-2010:0950		     MD5: 8d6f16f41d670ab7e421879417f1fab7
 
s390x:
apr-util-1.2.7-7.el5_3.1.s390.rpm
File outdated by:  RHSA-2010:0950		     MD5: 7cdea16da389214a2fe2b74c728d3900
apr-util-1.2.7-7.el5_3.1.s390x.rpm
File outdated by:  RHSA-2010:0950		     MD5: 737c2515d060618860e9a1e02827b7e4
apr-util-devel-1.2.7-7.el5_3.1.s390.rpm
File outdated by:  RHSA-2010:0950		     MD5: 6e13b0f4be2fc2f3ceaa9d245530abaf
apr-util-devel-1.2.7-7.el5_3.1.s390x.rpm
File outdated by:  RHSA-2010:0950		     MD5: d95bd6def13a9ccaab83bcaea42e002e
apr-util-docs-1.2.7-7.el5_3.1.s390x.rpm
File outdated by:  RHSA-2010:0950		     MD5: 0971cae4e3d56b4bc9f8ec2b7d16e34e
 
x86_64:
apr-util-1.2.7-7.el5_3.1.i386.rpm
File outdated by:  RHSA-2010:0950		     MD5: 06b66a919b15a5c20eac2db3ebe83255
apr-util-1.2.7-7.el5_3.1.x86_64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 92cbbd4f9bac2eb49fd49e72898e75d7
apr-util-devel-1.2.7-7.el5_3.1.i386.rpm
File outdated by:  RHSA-2010:0950		     MD5: 00b888aa101f7bbec23cb9223458e769
apr-util-devel-1.2.7-7.el5_3.1.x86_64.rpm
File outdated by:  RHSA-2010:0950		     MD5: d22ed0253c474f874064929db667c426
apr-util-docs-1.2.7-7.el5_3.1.x86_64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 038d5b8ea4ba00e82379de0fc25326de
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
apr-util-0.9.4-22.el4_8.1.src.rpm
File outdated by:  RHSA-2010:0950		     MD5: 2918a8258737a5b7abe9f706bda9f593
 
IA-32:
apr-util-0.9.4-22.el4_8.1.i386.rpm
File outdated by:  RHSA-2010:0950		     MD5: 140c9a58339de64efc237ba76af54ccd
apr-util-devel-0.9.4-22.el4_8.1.i386.rpm
File outdated by:  RHSA-2010:0950		     MD5: c057f5001789cf981bbbeaddc0b68431
 
IA-64:
apr-util-0.9.4-22.el4_8.1.ia64.rpm
File outdated by:  RHSA-2010:0950		     MD5: aa24b69bce51d92896440d10c6ec5637
apr-util-devel-0.9.4-22.el4_8.1.ia64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 41a44b8da8b6af7cd0cf7a11a88c4a1e
 
PPC:
apr-util-0.9.4-22.el4_8.1.ppc.rpm
File outdated by:  RHSA-2010:0950		     MD5: 759a4c2217aeb36492ff9188e390760a
apr-util-devel-0.9.4-22.el4_8.1.ppc.rpm
File outdated by:  RHSA-2010:0950		     MD5: bc23bca2d3187351f8a81be1a0889040
 
s390:
apr-util-0.9.4-22.el4_8.1.s390.rpm
File outdated by:  RHSA-2010:0950		     MD5: 775d9a5d6a08a81e2f125d2450f76a1e
apr-util-devel-0.9.4-22.el4_8.1.s390.rpm
File outdated by:  RHSA-2010:0950		     MD5: ef69f18dc202502dff150272927fb95c
 
s390x:
apr-util-0.9.4-22.el4_8.1.s390x.rpm
File outdated by:  RHSA-2010:0950		     MD5: c30dff34331ad8f735d398361a0e875e
apr-util-devel-0.9.4-22.el4_8.1.s390x.rpm
File outdated by:  RHSA-2010:0950		     MD5: 310db9aac07c0c468c4dd91f87592b17
 
x86_64:
apr-util-0.9.4-22.el4_8.1.x86_64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 5bd829321760bd9dcf140a97a99374b3
apr-util-devel-0.9.4-22.el4_8.1.x86_64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 66a79e28e304acda1956f02eeda1edb8
 
Red Hat Enterprise Linux AS (v. 4.8.z)
SRPMS:
apr-util-0.9.4-22.el4_8.1.src.rpm
File outdated by:  RHSA-2010:0950		     MD5: 2918a8258737a5b7abe9f706bda9f593
 
IA-32:
apr-util-0.9.4-22.el4_8.1.i386.rpm
File outdated by:  RHSA-2010:0950		     MD5: 140c9a58339de64efc237ba76af54ccd
apr-util-devel-0.9.4-22.el4_8.1.i386.rpm
File outdated by:  RHSA-2010:0950		     MD5: c057f5001789cf981bbbeaddc0b68431
 
IA-64:
apr-util-0.9.4-22.el4_8.1.ia64.rpm
File outdated by:  RHSA-2010:0950		     MD5: aa24b69bce51d92896440d10c6ec5637
apr-util-devel-0.9.4-22.el4_8.1.ia64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 41a44b8da8b6af7cd0cf7a11a88c4a1e
 
PPC:
apr-util-0.9.4-22.el4_8.1.ppc.rpm
File outdated by:  RHSA-2010:0950		     MD5: 759a4c2217aeb36492ff9188e390760a
apr-util-devel-0.9.4-22.el4_8.1.ppc.rpm
File outdated by:  RHSA-2010:0950		     MD5: bc23bca2d3187351f8a81be1a0889040
 
s390:
apr-util-0.9.4-22.el4_8.1.s390.rpm
File outdated by:  RHSA-2010:0950		     MD5: 775d9a5d6a08a81e2f125d2450f76a1e
apr-util-devel-0.9.4-22.el4_8.1.s390.rpm
File outdated by:  RHSA-2010:0950		     MD5: ef69f18dc202502dff150272927fb95c
 
s390x:
apr-util-0.9.4-22.el4_8.1.s390x.rpm
File outdated by:  RHSA-2010:0950		     MD5: c30dff34331ad8f735d398361a0e875e
apr-util-devel-0.9.4-22.el4_8.1.s390x.rpm
File outdated by:  RHSA-2010:0950		     MD5: 310db9aac07c0c468c4dd91f87592b17
 
x86_64:
apr-util-0.9.4-22.el4_8.1.x86_64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 5bd829321760bd9dcf140a97a99374b3
apr-util-devel-0.9.4-22.el4_8.1.x86_64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 66a79e28e304acda1956f02eeda1edb8
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
apr-util-1.2.7-7.el5_3.1.src.rpm
File outdated by:  RHSA-2010:0950		     MD5: 21881b84144575c694d603dabdd466a2
 
IA-32:
apr-util-1.2.7-7.el5_3.1.i386.rpm
File outdated by:  RHSA-2010:0950		     MD5: 06b66a919b15a5c20eac2db3ebe83255
apr-util-docs-1.2.7-7.el5_3.1.i386.rpm
File outdated by:  RHSA-2010:0950		     MD5: 235e7183e64bfc2cd58b5b7cab446740
 
x86_64:
apr-util-1.2.7-7.el5_3.1.i386.rpm
File outdated by:  RHSA-2010:0950		     MD5: 06b66a919b15a5c20eac2db3ebe83255
apr-util-1.2.7-7.el5_3.1.x86_64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 92cbbd4f9bac2eb49fd49e72898e75d7
apr-util-docs-1.2.7-7.el5_3.1.x86_64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 038d5b8ea4ba00e82379de0fc25326de
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
apr-util-0.9.4-22.el4_8.1.src.rpm
File outdated by:  RHSA-2010:0950		     MD5: 2918a8258737a5b7abe9f706bda9f593
 
IA-32:
apr-util-0.9.4-22.el4_8.1.i386.rpm
File outdated by:  RHSA-2010:0950		     MD5: 140c9a58339de64efc237ba76af54ccd
apr-util-devel-0.9.4-22.el4_8.1.i386.rpm
File outdated by:  RHSA-2010:0950		     MD5: c057f5001789cf981bbbeaddc0b68431
 
IA-64:
apr-util-0.9.4-22.el4_8.1.ia64.rpm
File outdated by:  RHSA-2010:0950		     MD5: aa24b69bce51d92896440d10c6ec5637
apr-util-devel-0.9.4-22.el4_8.1.ia64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 41a44b8da8b6af7cd0cf7a11a88c4a1e
 
x86_64:
apr-util-0.9.4-22.el4_8.1.x86_64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 5bd829321760bd9dcf140a97a99374b3
apr-util-devel-0.9.4-22.el4_8.1.x86_64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 66a79e28e304acda1956f02eeda1edb8
 
Red Hat Enterprise Linux ES (v. 4.8.z)
SRPMS:
apr-util-0.9.4-22.el4_8.1.src.rpm
File outdated by:  RHSA-2010:0950		     MD5: 2918a8258737a5b7abe9f706bda9f593
 
IA-32:
apr-util-0.9.4-22.el4_8.1.i386.rpm
File outdated by:  RHSA-2010:0950		     MD5: 140c9a58339de64efc237ba76af54ccd
apr-util-devel-0.9.4-22.el4_8.1.i386.rpm
File outdated by:  RHSA-2010:0950		     MD5: c057f5001789cf981bbbeaddc0b68431
 
IA-64:
apr-util-0.9.4-22.el4_8.1.ia64.rpm
File outdated by:  RHSA-2010:0950		     MD5: aa24b69bce51d92896440d10c6ec5637
apr-util-devel-0.9.4-22.el4_8.1.ia64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 41a44b8da8b6af7cd0cf7a11a88c4a1e
 
x86_64:
apr-util-0.9.4-22.el4_8.1.x86_64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 5bd829321760bd9dcf140a97a99374b3
apr-util-devel-0.9.4-22.el4_8.1.x86_64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 66a79e28e304acda1956f02eeda1edb8
 
Red Hat Enterprise Linux EUS (v. 5.3.z server)
SRPMS:
apr-util-1.2.7-7.el5_3.1.src.rpm
File outdated by:  RHSA-2010:0950		     MD5: 21881b84144575c694d603dabdd466a2
 
IA-32:
apr-util-1.2.7-7.el5_3.1.i386.rpm
File outdated by:  RHSA-2009:1204		     MD5: 06b66a919b15a5c20eac2db3ebe83255
apr-util-devel-1.2.7-7.el5_3.1.i386.rpm
File outdated by:  RHSA-2009:1204		     MD5: 00b888aa101f7bbec23cb9223458e769
apr-util-docs-1.2.7-7.el5_3.1.i386.rpm
File outdated by:  RHSA-2009:1204		     MD5: 235e7183e64bfc2cd58b5b7cab446740
 
IA-64:
apr-util-1.2.7-7.el5_3.1.ia64.rpm
File outdated by:  RHSA-2009:1204		     MD5: 70b7039ce586cb82a4058f3f8ce3f7db
apr-util-devel-1.2.7-7.el5_3.1.ia64.rpm
File outdated by:  RHSA-2009:1204		     MD5: fa80e39f239a9b544dc2b454c94a1d69
apr-util-docs-1.2.7-7.el5_3.1.ia64.rpm
File outdated by:  RHSA-2009:1204		     MD5: 740dca9eb742203d767f6ab713ad2fa9
 
PPC:
apr-util-1.2.7-7.el5_3.1.ppc.rpm
File outdated by:  RHSA-2009:1204		     MD5: 9d7ad81068b42b405769740d6232ed05
apr-util-1.2.7-7.el5_3.1.ppc64.rpm
File outdated by:  RHSA-2009:1204		     MD5: a8b6bff9204baa869b64459d2c9949cb
apr-util-devel-1.2.7-7.el5_3.1.ppc.rpm
File outdated by:  RHSA-2009:1204		     MD5: 46f3d75a8194f94d205f3889680eb780
apr-util-devel-1.2.7-7.el5_3.1.ppc64.rpm
File outdated by:  RHSA-2009:1204		     MD5: 07963ab7a0e01547ce8dcbcdf5cf6e27
apr-util-docs-1.2.7-7.el5_3.1.ppc.rpm
File outdated by:  RHSA-2009:1204		     MD5: 8d6f16f41d670ab7e421879417f1fab7
 
s390x:
apr-util-1.2.7-7.el5_3.1.s390.rpm
File outdated by:  RHSA-2009:1204		     MD5: 7cdea16da389214a2fe2b74c728d3900
apr-util-1.2.7-7.el5_3.1.s390x.rpm
File outdated by:  RHSA-2009:1204		     MD5: 737c2515d060618860e9a1e02827b7e4
apr-util-devel-1.2.7-7.el5_3.1.s390.rpm
File outdated by:  RHSA-2009:1204		     MD5: 6e13b0f4be2fc2f3ceaa9d245530abaf
apr-util-devel-1.2.7-7.el5_3.1.s390x.rpm
File outdated by:  RHSA-2009:1204		     MD5: d95bd6def13a9ccaab83bcaea42e002e
apr-util-docs-1.2.7-7.el5_3.1.s390x.rpm
File outdated by:  RHSA-2009:1204		     MD5: 0971cae4e3d56b4bc9f8ec2b7d16e34e
 
x86_64:
apr-util-1.2.7-7.el5_3.1.i386.rpm
File outdated by:  RHSA-2009:1204		     MD5: 06b66a919b15a5c20eac2db3ebe83255
apr-util-1.2.7-7.el5_3.1.x86_64.rpm
File outdated by:  RHSA-2009:1204		     MD5: 92cbbd4f9bac2eb49fd49e72898e75d7
apr-util-devel-1.2.7-7.el5_3.1.i386.rpm
File outdated by:  RHSA-2009:1204		     MD5: 00b888aa101f7bbec23cb9223458e769
apr-util-devel-1.2.7-7.el5_3.1.x86_64.rpm
File outdated by:  RHSA-2009:1204		     MD5: d22ed0253c474f874064929db667c426
apr-util-docs-1.2.7-7.el5_3.1.x86_64.rpm
File outdated by:  RHSA-2009:1204		     MD5: 038d5b8ea4ba00e82379de0fc25326de
 
Red Hat Enterprise Linux Long Life (v. 5.3 server)
SRPMS:
apr-util-1.2.7-7.el5_3.1.src.rpm
File outdated by:  RHSA-2010:0950		     MD5: 21881b84144575c694d603dabdd466a2
 
IA-32:
apr-util-1.2.7-7.el5_3.1.i386.rpm
File outdated by:  RHSA-2009:1204		     MD5: 06b66a919b15a5c20eac2db3ebe83255
apr-util-devel-1.2.7-7.el5_3.1.i386.rpm
File outdated by:  RHSA-2009:1204		     MD5: 00b888aa101f7bbec23cb9223458e769
apr-util-docs-1.2.7-7.el5_3.1.i386.rpm
File outdated by:  RHSA-2009:1204		     MD5: 235e7183e64bfc2cd58b5b7cab446740
 
IA-64:
apr-util-1.2.7-7.el5_3.1.ia64.rpm
File outdated by:  RHSA-2009:1204		     MD5: 70b7039ce586cb82a4058f3f8ce3f7db
apr-util-devel-1.2.7-7.el5_3.1.ia64.rpm
File outdated by:  RHSA-2009:1204		     MD5: fa80e39f239a9b544dc2b454c94a1d69
apr-util-docs-1.2.7-7.el5_3.1.ia64.rpm
File outdated by:  RHSA-2009:1204		     MD5: 740dca9eb742203d767f6ab713ad2fa9
 
x86_64:
apr-util-1.2.7-7.el5_3.1.i386.rpm
File outdated by:  RHSA-2009:1204		     MD5: 06b66a919b15a5c20eac2db3ebe83255
apr-util-1.2.7-7.el5_3.1.x86_64.rpm
File outdated by:  RHSA-2009:1204		     MD5: 92cbbd4f9bac2eb49fd49e72898e75d7
apr-util-devel-1.2.7-7.el5_3.1.i386.rpm
File outdated by:  RHSA-2009:1204		     MD5: 00b888aa101f7bbec23cb9223458e769
apr-util-devel-1.2.7-7.el5_3.1.x86_64.rpm
File outdated by:  RHSA-2009:1204		     MD5: d22ed0253c474f874064929db667c426
apr-util-docs-1.2.7-7.el5_3.1.x86_64.rpm
File outdated by:  RHSA-2009:1204		     MD5: 038d5b8ea4ba00e82379de0fc25326de
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
apr-util-0.9.4-22.el4_8.1.src.rpm
File outdated by:  RHSA-2010:0950		     MD5: 2918a8258737a5b7abe9f706bda9f593
 
IA-32:
apr-util-0.9.4-22.el4_8.1.i386.rpm
File outdated by:  RHSA-2010:0950		     MD5: 140c9a58339de64efc237ba76af54ccd
apr-util-devel-0.9.4-22.el4_8.1.i386.rpm
File outdated by:  RHSA-2010:0950		     MD5: c057f5001789cf981bbbeaddc0b68431
 
IA-64:
apr-util-0.9.4-22.el4_8.1.ia64.rpm
File outdated by:  RHSA-2010:0950		     MD5: aa24b69bce51d92896440d10c6ec5637
apr-util-devel-0.9.4-22.el4_8.1.ia64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 41a44b8da8b6af7cd0cf7a11a88c4a1e
 
x86_64:
apr-util-0.9.4-22.el4_8.1.x86_64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 5bd829321760bd9dcf140a97a99374b3
apr-util-devel-0.9.4-22.el4_8.1.x86_64.rpm
File outdated by:  RHSA-2010:0950		     MD5: 66a79e28e304acda1956f02eeda1edb8
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

503928 - CVE-2009-0023 apr-util heap buffer underwrite
504390 - CVE-2009-1956 apr-util single NULL byte buffer overflow
504555 - CVE-2009-1955 apr-util billion laughs attack


References

https://www.redhat.com/security/data/cve/CVE-2009-0023.html
https://www.redhat.com/security/data/cve/CVE-2009-1955.html
https://www.redhat.com/security/data/cve/CVE-2009-1956.html
http://www.redhat.com/security/updates/classification/#moderate

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/