New apr-util packages fix denial of service | Vulnerability Managment Blog

Hide threads | Keyboard Shortcuts

vulnerability management 8:43 am on October 9, 2010 Permalink Reply
Tags: critical watch ( 900 ), dsa-2117-1, jeff trawick, security ( 505 ), security advisories ( 695 ), vulnerability ( 725 ), vulnerability management ( 512 )

New apr-util packages fix denial of service

Users of apr-util please be advised of a New packages fix denial of service vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from http://www.criticalwatch.com

DSA-2117-1: [DSA-2117-1] New apr-util packages fix denial of service

Jeff Trawick discovered a flaw in the apr_brigade_split_line() function

in apr-util. A remote attacker could send crafted http requests to

cause a greatly increased memory consumption in Apache httpd, resulting

in a denial of service.

This upgrade fixes this issue. After the upgrade, any running apache2

server processes need to be restartedRead more at http://www.criticalwatch.com

See this Amp at http://bit.ly/aSeyRe

Reply Cancel reply

c: Compose new post
j: Next post/Next comment
k: Previous post/Previous comment
r: Reply
e: Edit
o: Show/Hide comments
t: Go to top
l: Go to login
h: Show/Hide help
shift + esc: Cancel