Red Hat Bugzilla – Bug 515698
CVE-2009-2412 apr, apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management
Last modified: 2016-03-04 07:23:38 EST
Multiple integer overflow flaws, leading to heap-based overflows were found in the way Apache Portable Runtime (APR) library used to manage memory pool and relocatable memory allocations. An attacker could issue a specially-crafted request for memory allocation, leading to denial of service (crash) or, potentially, execute arbitrary code with the privileges of an application using APR library. Upstream patches: ----------------- http://www.apache.org/dist/apr/patches/
apr-util-1.3.9-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
apr-1.3.8-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
apr-util-1.3.9-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
apr-1.3.8-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 Via RHSA-2009:1204 https://rhn.redhat.com/errata/RHSA-2009-1204.html
This issue has been addressed in following products: Red Hat Enterprise Linux 3 Via RHSA-2009:1205 https://rhn.redhat.com/errata/RHSA-2009-1205.html
This issue has been addressed in following products: JBEWS 1.0.0 for RHEL 4 Via RHSA-2009:1462 https://rhn.redhat.com/errata/RHSA-2009-1462.html
Issue was fixed in upstream Apache httpd 2.2.13 version: http://httpd.apache.org/security/vulnerabilities_22.html
This issue has been addressed in following products: Red Hat Certificate System 7.3 Via RHSA-2010:0602 https://rhn.redhat.com/errata/RHSA-2010-0602.html