ALAS-2017-929


Amazon Linux AMI Security Advisory: ALAS-2017-929
Advisory Release Date: 2017-12-06 21:33 Pacific
Severity: Medium
References: CVE-2017-12618 

Issue Overview:

Apache Portable Runtime Utility (APR-util) fails to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.(CVE-2017-12618 )


Affected Packages:

apr-util


Issue Correction:
Run yum update apr-util to update your system.

New Packages:
i686:
    apr-util-openssl-1.5.4-6.18.amzn1.i686
    apr-util-ldap-1.5.4-6.18.amzn1.i686
    apr-util-sqlite-1.5.4-6.18.amzn1.i686
    apr-util-pgsql-1.5.4-6.18.amzn1.i686
    apr-util-odbc-1.5.4-6.18.amzn1.i686
    apr-util-debuginfo-1.5.4-6.18.amzn1.i686
    apr-util-devel-1.5.4-6.18.amzn1.i686
    apr-util-freetds-1.5.4-6.18.amzn1.i686
    apr-util-nss-1.5.4-6.18.amzn1.i686
    apr-util-mysql-1.5.4-6.18.amzn1.i686
    apr-util-1.5.4-6.18.amzn1.i686

src:
    apr-util-1.5.4-6.18.amzn1.src

x86_64:
    apr-util-sqlite-1.5.4-6.18.amzn1.x86_64
    apr-util-mysql-1.5.4-6.18.amzn1.x86_64
    apr-util-odbc-1.5.4-6.18.amzn1.x86_64
    apr-util-openssl-1.5.4-6.18.amzn1.x86_64
    apr-util-ldap-1.5.4-6.18.amzn1.x86_64
    apr-util-1.5.4-6.18.amzn1.x86_64
    apr-util-devel-1.5.4-6.18.amzn1.x86_64
    apr-util-pgsql-1.5.4-6.18.amzn1.x86_64
    apr-util-nss-1.5.4-6.18.amzn1.x86_64
    apr-util-debuginfo-1.5.4-6.18.amzn1.x86_64
    apr-util-freetds-1.5.4-6.18.amzn1.x86_64