Auditorías de Seguridad de Red / Evaluación de vulnerabilidades de SecuritySpace

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2009:314
http://www.mandriva.com/security/
_______________________________________________________________________

Package : apr
Date    : December 4, 2009
Affected: 2008.0
_______________________________________________________________________

Problem Description:

Multiple security vulnerabilities has been identified and fixed in
apr and apr-util:

Multiple integer overflows in the Apache Portable Runtime (APR)
library and the Apache Portable Utility library (aka APR-util)
0.9.x and 1.3.x allow remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via vectors that
trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc
function in memory/unix/apr_pools.c in APR; or crafted calls to
the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc
function in misc/apr_rmm.c in APR-util; leading to buffer overflows.
NOTE: some of these details are obtained from third party information
(CVE-2009-2412).

The apr_strmatch_precompile function in strmatch/apr_strmatch.c in
Apache APR-util before 1.3.5 allows remote attackers to cause a denial
of service (daemon crash) via crafted input involving (1) a .htaccess
file used with the Apache HTTP Server, (2) the SVNMasterURI directive
in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2
module for the Apache HTTP Server, or (4) an application that uses
the libapreq2 library, related to an underflow flaw. (CVE-2009-0023).

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in
Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn
modules in the Apache HTTP Server, allows remote attackers to
cause a denial of service (memory consumption) via a crafted XML
document containing a large number of nested entity references, as
demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564
(CVE-2009-1955).

Off-by-one error in the apr_brigade_vprintf function in Apache APR-util
before 1.3.5 on big-endian platforms allows remote attackers to obtain
sensitive information or cause a denial of service (application crash)
via crafted input (CVE-2009-1956).

Packages for 2008.0 are being provided due to extended support for
Corporate products.

The updated packages have been patched to prevent this.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
d55d5dd456de0c7977f93bff217406d7  2008.0/i586/apr-util-dbd-mysql-1.2.10-1.1mdv2008.0.i586.rpm
bd02eb2233dcc07aadd7e5eb84df9ce8  2008.0/i586/apr-util-dbd-pgsql-1.2.10-1.1mdv2008.0.i586.rpm
334e127fb8ac03379c8a5f2ee7c144b6  2008.0/i586/apr-util-dbd-sqlite3-1.2.10-1.1mdv2008.0.i586.rpm
4307983fb3d21ab0f9955711e116f92e  2008.0/i586/libapr1-1.2.11-1.1mdv2008.0.i586.rpm
ff24f1e1587f2210346ea134d4a2053e  2008.0/i586/libapr-devel-1.2.11-1.1mdv2008.0.i586.rpm
3d50a85109e011ced9e36f1565e9bc69  2008.0/i586/libapr-util1-1.2.10-1.1mdv2008.0.i586.rpm
b786e2329fc63d459b841bf001261543  2008.0/i586/libapr-util-devel-1.2.10-1.1mdv2008.0.i586.rpm
6ef7669ea3d0db3dbaed35f35ae2dbdc  2008.0/SRPMS/apr-1.2.11-1.1mdv2008.0.src.rpm
1a923fc9c2f912ef339b942a59bff4e6  2008.0/SRPMS/apr-util-1.2.10-1.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
91588bbcf3940cd106b0fe458be6d4b9  2008.0/x86_64/apr-util-dbd-mysql-1.2.10-1.1mdv2008.0.x86_64.rpm
b71d8b14cc536cf8a2448b353d2b4047  2008.0/x86_64/apr-util-dbd-pgsql-1.2.10-1.1mdv2008.0.x86_64.rpm
10b889bb625dbae01711ed7e8e101744  2008.0/x86_64/apr-util-dbd-sqlite3-1.2.10-1.1mdv2008.0.x86_64.rpm
068334fc392c68f9b29e629dd3776f83  2008.0/x86_64/lib64apr1-1.2.11-1.1mdv2008.0.x86_64.rpm
a9ed011d8b421e8604e66a87a4972477  2008.0/x86_64/lib64apr-devel-1.2.11-1.1mdv2008.0.x86_64.rpm
c08da53c4c88464249f46c6577f3c2a8  2008.0/x86_64/lib64apr-util1-1.2.10-1.1mdv2008.0.x86_64.rpm
4b1b86a3e07f4b87a1a53f0dbaaa3aff  2008.0/x86_64/lib64apr-util-devel-1.2.10-1.1mdv2008.0.x86_64.rpm
6ef7669ea3d0db3dbaed35f35ae2dbdc  2008.0/SRPMS/apr-1.2.11-1.1mdv2008.0.src.rpm
1a923fc9c2f912ef339b942a59bff4e6  2008.0/SRPMS/apr-util-1.2.10-1.1mdv2008.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi.  The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.  You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLGEWRmqjQ0CJFipgRAsWiAJ9LbNZNAkUIxWbq84aERpTacFEJPACg0xgy
wuYdtSQeV/bOOP7w17qo2V0=
=V8dA
-----END PGP SIGNATURE-----