ALAS-2017-929


Amazon Linux 1 Security Advisory: ALAS-2017-929
Advisory Release Date: 2017-12-05 21:59 Pacific
Advisory Updated Date: 2017-12-06 21:33 Pacific
Severity: Medium

Issue Overview:

Apache Portable Runtime Utility (APR-util) fails to validate the integrity of SDBM database files used by the apr_sdbm*() functions, resulting in a possible out-of-bounds read. A local user with write access to the database can crash a program or process that uses these functions, causing a denial of service. (CVE-2017-12618)


Affected Packages:

apr-util


Issue Correction:
Run yum update apr-util to update your system.

New Packages:
i686:
    apr-util-openssl-1.5.4-6.18.amzn1.i686
    apr-util-ldap-1.5.4-6.18.amzn1.i686
    apr-util-sqlite-1.5.4-6.18.amzn1.i686
    apr-util-pgsql-1.5.4-6.18.amzn1.i686
    apr-util-odbc-1.5.4-6.18.amzn1.i686
    apr-util-debuginfo-1.5.4-6.18.amzn1.i686
    apr-util-devel-1.5.4-6.18.amzn1.i686
    apr-util-freetds-1.5.4-6.18.amzn1.i686
    apr-util-nss-1.5.4-6.18.amzn1.i686
    apr-util-mysql-1.5.4-6.18.amzn1.i686
    apr-util-1.5.4-6.18.amzn1.i686

src:
    apr-util-1.5.4-6.18.amzn1.src

x86_64:
    apr-util-sqlite-1.5.4-6.18.amzn1.x86_64
    apr-util-mysql-1.5.4-6.18.amzn1.x86_64
    apr-util-odbc-1.5.4-6.18.amzn1.x86_64
    apr-util-openssl-1.5.4-6.18.amzn1.x86_64
    apr-util-ldap-1.5.4-6.18.amzn1.x86_64
    apr-util-1.5.4-6.18.amzn1.x86_64
    apr-util-devel-1.5.4-6.18.amzn1.x86_64
    apr-util-pgsql-1.5.4-6.18.amzn1.x86_64
    apr-util-nss-1.5.4-6.18.amzn1.x86_64
    apr-util-debuginfo-1.5.4-6.18.amzn1.x86_64
    apr-util-freetds-1.5.4-6.18.amzn1.x86_64
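
To confirm the update took effect, the following added example (not part of the Amazon advisory) lists any installed apr-util package that is still below the fixed build named under New Packages. The function names and the sample inventory are constructed for illustration, and GNU sort -V is assumed as a stand-in for RPM's own version comparison.

```sh
#!/bin/sh
# Added example: flag apr-util packages older than the ALAS-2017-929 build.
FIXED="1.5.4-6.18.amzn1"   # version-release from the advisory's New Packages list

# Succeeds if version-release $1 is at or above $FIXED.
# Assumption: `sort -V` ordering matches RPM's comparison for these
# dotted-numeric amzn1 builds; it is not a full rpmvercmp implementation.
is_fixed() {
    [ "$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)" = "$FIXED" ]
}

# Reads "name version-release arch" lines on stdin and prints every
# apr-util package (base or subpackage) that is still below the fixed build.
find_unpatched() {
    while read -r name evr arch; do
        case "$name" in
            apr-util|apr-util-*) ;;
            *) continue ;;          # ignore unrelated packages such as apr
        esac
        if ! is_fixed "$evr"; then
            printf '%s-%s.%s\n' "$name" "$evr" "$arch"
        fi
    done
}

# Inventory of the local RPM database, one package per line.
installed_apr_util() {
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n' 'apr-util*'
}

# Constructed sample inventory (not real host output): one patched package,
# two stale ones, and one unrelated package.
sample_inventory() {
    cat <<'EOF'
apr-util 1.5.4-6.18.amzn1 x86_64
apr-util-ldap 1.5.4-6.17.amzn1 x86_64
apr-util-devel 1.5.2-5.13.amzn1 i686
apr 1.5.2-5.13.amzn1 x86_64
EOF
}

# Use the real RPM database when available, otherwise the constructed sample.
if command -v rpm >/dev/null 2>&1; then
    installed_apr_util
else
    sample_inventory
fi | find_unpatched
```

Empty output means every installed apr-util package is at or above the fixed build; any line printed names a package that still needs yum update apr-util.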