openSUSE Security Update: libapr1 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:0859-1 Rating: moderate References: #653510 #670027 #690734 #693778 Cross-References: CVE-2010-1623 CVE-2011-0419 CVE-2011-1928 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update fixes: - CVE-2011-0419 and CVE-2011-1928: unconstrained recursion when processing patterns - CVE-2010-1623: a remote DoS (memory leak) in APR's reqtimeout_filter function Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch apache2-4926 - openSUSE 11.3: zypper in -t patch apache2-4926 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): apache2-2.2.17-4.5.1 apache2-devel-2.2.17-4.5.1 apache2-example-certificates-2.2.17-4.5.1 apache2-example-pages-2.2.17-4.5.1 apache2-itk-2.2.17-4.5.1 apache2-prefork-2.2.17-4.5.1 apache2-utils-2.2.17-4.5.1 apache2-worker-2.2.17-4.5.1 libapr-util1-1.3.9-10.11.1 libapr-util1-dbd-mysql-1.3.9-10.11.1 libapr-util1-dbd-pgsql-1.3.9-10.11.1 libapr-util1-dbd-sqlite3-1.3.9-10.11.1 libapr-util1-devel-1.3.9-10.11.1 libapr1-1.4.2-4.5.1 libapr1-devel-1.4.2-4.5.1 - openSUSE 11.4 (noarch): apache2-doc-2.2.17-4.5.1 - openSUSE 11.3 (i586 x86_64): apache2-2.2.15-4.3.1 apache2-devel-2.2.15-4.3.1 apache2-example-certificates-2.2.15-4.3.1 apache2-example-pages-2.2.15-4.3.1 apache2-itk-2.2.15-4.3.1 apache2-prefork-2.2.15-4.3.1 apache2-utils-2.2.15-4.3.1 apache2-worker-2.2.15-4.3.1 libapr-util1-1.3.9-7.3.1 libapr-util1-dbd-mysql-1.3.9-7.3.1 libapr-util1-dbd-pgsql-1.3.9-7.3.1 libapr-util1-dbd-sqlite3-1.3.9-7.3.1 libapr-util1-devel-1.3.9-7.3.1 libapr1-1.3.8-8.3.1 libapr1-devel-1.3.8-8.3.1 - openSUSE 11.3 (noarch): apache2-doc-2.2.15-4.3.1 References: http://support.novell.com/security/cve/CVE-2010-1623.html http://support.novell.com/security/cve/CVE-2011-0419.html http://support.novell.com/security/cve/CVE-2011-1928.html https://bugzilla.novell.com/653510 https://bugzilla.novell.com/670027 https://bugzilla.novell.com/690734 https://bugzilla.novell.com/693778