Test Kennung:	1.3.6.1.4.1.25623.1.0.64298
Kategorie:	Fedora Local Security Checks
Titel:	Fedora Core 10 FEDORA-2009-5969 (apr-util)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to apr-util announced via advisory FEDORA-2009-5969. Update Information: Update to upstream version 1.3.7, see: http://svn.apache.org/repos/asf/apr/apr-util/tags/1.3.7/CHANGES Security fixes: - CVE-2009-0023 Fix underflow in apr_strmatch_precompile. - CVE-2009-1955 Fix a denial of service attack against the apr_xml_* interface using the billion laughs entity expansion technique. - CVE-2009-1956 Fix off by one overflow in apr_brigade_vprintf. Note: CVE-2009-1956 is only an issue on big-endian architectures. ChangeLog: * Mon Jun 8 2009 Bojan Smojver - 1.3.7-1 - bump up to 1.3.7 - CVE-2009-0023 - billion laughs fix of apr_xml_* interface References: [ 1 ] Bug #504555 - CVE-2009-1955 apr-util billion laughs attack https://bugzilla.redhat.com/show_bug.cgi?id=504555 [ 2 ] Bug #504390 - CVE-2009-1956 apr-util single NULL byte buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=504390 [ 3 ] Bug #503928 - CVE-2009-0023 apr-util heap buffer underwrite https://bugzilla.redhat.com/show_bug.cgi?id=503928 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update apr-util' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2009-5969 CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0023 AIX APAR: PK88341 http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341 AIX APAR: PK91241 http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241 AIX APAR: PK99478 http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html BugTraq ID: 35221 http://www.securityfocus.com/bid/35221 Bugtraq: 20091112 rPSA-2009-0144-1 apr-util (Google Search) http://www.securityfocus.com/archive/1/507855/100/0/threaded Debian Security Information: DSA-1812 (Google Search) http://www.debian.org/security/2009/dsa-1812 https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html http://security.gentoo.org/glsa/glsa-200907-03.xml HPdes Security Advisory: HPSBUX02612 http://marc.info/?l=bugtraq&m=129190899612998&w=2 HPdes Security Advisory: SSRT100345 http://www.mandriva.com/security/advisories?name=MDVSA-2009:131 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10968 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12321 http://www.redhat.com/support/errata/RHSA-2009-1107.html http://www.redhat.com/support/errata/RHSA-2009-1108.html http://secunia.com/advisories/34724 http://secunia.com/advisories/35284 http://secunia.com/advisories/35360 http://secunia.com/advisories/35395 http://secunia.com/advisories/35444 http://secunia.com/advisories/35487 http://secunia.com/advisories/35565 http://secunia.com/advisories/35710 http://secunia.com/advisories/35797 http://secunia.com/advisories/35843 http://secunia.com/advisories/37221 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210 http://www.ubuntu.com/usn/usn-786-1 http://www.ubuntu.com/usn/usn-787-1 http://www.vupen.com/english/advisories/2009/1907 http://www.vupen.com/english/advisories/2009/3184 XForce ISS Database: apache-aprstrmatchprecompile-dos(50964) https://exchange.xforce.ibmcloud.com/vulnerabilities/50964 Common Vulnerability Exposure (CVE) ID: CVE-2009-1955 AIX APAR: PK88342 http://www-01.ibm.com/support/docview.wss?uid=swg1PK88342 BugTraq ID: 35253 http://www.securityfocus.com/bid/35253 Bugtraq: 20090824 rPSA-2009-0123-1 apr-util (Google Search) http://www.securityfocus.com/archive/1/506053/100/0/threaded https://www.exploit-db.com/exploits/8842 http://marc.info/?l=apr-dev&m=124396021826125&w=2 https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E http://www.openwall.com/lists/oss-security/2009/06/03/4 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10270 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12473 http://secunia.com/advisories/36473 SuSE Security Announcement: SUSE-SR:2010:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://www.vupen.com/english/advisories/2010/1107 Common Vulnerability Exposure (CVE) ID: CVE-2009-1956 BugTraq ID: 35251 http://www.securityfocus.com/bid/35251 http://www.mail-archive.com/dev@apr.apache.org/msg21591.html http://www.mail-archive.com/dev@apr.apache.org/msg21592.html https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3Ccvs.httpd.apache.org%3E http://www.openwall.com/lists/oss-security/2009/06/06/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11567 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12237
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.