Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Fedora Core 10 FEDORA-2009-5969 (apr-util)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update to apr-util announced via advisory FEDORA-2009-5969.
Insight
Insight
Update Information: Update to upstream version 1.3.7, see: http://svn.apache.org/repos/asf/apr/apr-util/tags/1.3.7/CHANGES Security fixes: - CVE-2009-0023 Fix underflow in apr_strmatch_precompile. - CVE-2009-1955 Fix a denial of service attack against the apr_xml_* interface using the billion laughs entity expansion technique. - CVE-2009-1956 Fix off by one overflow in apr_brigade_vprintf. Note: CVE-2009-1956 is only an issue on big-endian architectures. ChangeLog: * Mon Jun 8 2009 Bojan Smojver - 1.3.7-1 - bump up to 1.3.7 - CVE-2009-0023 - billion laughs fix of apr_xml_* interface
Solution
Solution
Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update apr-util' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-5969