ALAS-2017-928


Amazon Linux AMI Security Advisory: ALAS-2017-928
Advisory Release Date: 2017-12-06 21:33 Pacific
Severity: Important
References: CVE-2017-12613 

Issue Overview:

An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.(CVE-2017-12613 )


Affected Packages:

apr


Issue Correction:
Run yum update apr to update your system.

New Packages:
i686:
    apr-devel-1.5.2-5.13.amzn1.i686
    apr-1.5.2-5.13.amzn1.i686
    apr-debuginfo-1.5.2-5.13.amzn1.i686

src:
    apr-1.5.2-5.13.amzn1.src

x86_64:
    apr-devel-1.5.2-5.13.amzn1.x86_64
    apr-debuginfo-1.5.2-5.13.amzn1.x86_64
    apr-1.5.2-5.13.amzn1.x86_64