|
|
Subscribe / Log in / New account

Debian alert DLA-3332-1 (apr-util)



From:
              Adrian Bunk <bunk@debian.org>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 3332-1] apr-util security update


Date:
              Tue, 21 Feb 2023 22:00:09 +0200


Message-ID:
              <Y/UiyRQreQvZRyG9@localhost>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3332-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
February 21, 2023                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : apr-util
Version        : 1.6.1-4+deb10u1
CVE ID         : CVE-2022-25147

An Integer Overflow or Wraparound vulnerability was fixed in 
apr_base64() in the Apache Portable Runtime Utility Library.

For Debian 10 buster, this problem has been fixed in version
1.6.1-4+deb10u1.

We recommend that you upgrade your apr-util packages.

For the detailed security status of apr-util please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/apr-util

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmP1IskACgkQiNJCh6LY
mLELfw//SC753I6+9XM8DBZhNZCA2g8YaQOK+lrZTdd1tKelcgMKEANtlltZKq9j
okWf8aC5X5Fkti6Sb6A0HoMYxKhAVCxSRu4JNZOyrY3zsWjmom294mWWgh6R7m5b
M6D8V+u3S1tauaM1nGudteslUsXTjkntW2bUhlI/kHZUxTHxposcL9zDCYyXwWPR
XIadaxfX4uPgnSeHa13CZoRHdydBALQZxz+7+A4Y8BvqXTHdouqSYSondR9t3SaJ
NB2QDn+GQoeF/biIdV7bCruHCWGiKNvNI8vBg8OS521XtaOiQe+UECKDWjfp+Iut
DetQya+PwGUYrsNPzKtIFHD+s8jQWq/fyH9ztpI8O8nzDg2gjh8EMnQ8BXeeE8sv
mcEmF3VzZlxlkcB6Pv0ytAerkXO6SL2kZYalMcptQ9Uh6uwZbnVpobsickcdbT5R
uGJAcFY5ditPoP+OAQihqzzNI8DkrBlDOoH8lxOlwG1EOoM1xZKjrz9UEMdo5cib
BnLFbN4UOV4SD3kG7nxAb7/3R0tjHRS8CIefESO7TIuwi4oIPw03AlEaeAO8zZ38
hsLgFLVRM9/zxMj4flWKcAegCW5PYaGiFj5aC9IpNfX9qpc3luH2ET+gKFP29FgJ
8KSD9UKjRSpCVQ4pMmeaJrSezxbnJqBm1Q4lShsLW5tzXLRMjs0=
=HFVp
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds