CESA-2010:0950 -- centos 4 i386 apr-util
ID: oval:org.secpod.oval:def:200195 | Date: (C)2012-01-31 (M)2023-11-09 | Class: PATCH | Family: unix
The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR, including support for XML parsing, LDAP, database interfaces, URI parsing, and more.

It was found that certain input could cause the apr-util library to allocate more memory than intended in the apr_brigade_split_line function. An attacker able to provide input in small chunks to an application using the apr-util library could possibly use this flaw to trigger high memory consumption.

All apr-util users should upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the apr-util library, such as httpd, must be restarted for this update to take effect.