Attachment 96660 Details for Bug 135310 – vuln.xml

vuln.xml

vuln.xml (text/plain), 1.88 KB, created by Eygene Ryabinkin on 2009-06-06 11:00:13 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Eygene Ryabinkin

Created: 2009-06-06 11:00:13 UTC

Size: 1.88 KB

patch

obsolete

> <vuln vid="eb9212f7-526b-11de-bbf2-001b77d09812">
> <topic>apr -- multiple vulnerabilities</topic>
> <affects>
> <package>
> <name>apr</name>
> <range><lt>1.3.5.1.3.7</lt></range>
> </package>
> <package>
> <name>apache</name>
> <range><ge>2.2.0</ge><lt>2.2.11_5</lt></range>
> </package>
> </affects>
> <description>
> <body xmlns="http://www.w3.org/1999/xhtml">
> Secunia reports:
> <blockquote
> cite="http://secunia.com/advisories/35284/">
> Some vulnerabilities have been reported in APR-util, which
> can be exploited by malicious users and malicious people to
> cause a DoS (Denial of Service).
> A vulnerability is caused due to an error in the processing
> of XML files and can be exploited to exhaust all available
> memory via a specially crafted XML file containing a
> predefined entity inside an entity definition.
> A vulnerability is caused due to an error within the
> "apr_strmatch_precompile()" function in
> strmatch/apr_strmatch.c, which can be exploited to crash an
> application using the library.
> </blockquote>
> RedHat reports:
> <blockquote
> cite="https://bugzilla.redhat.com/show_bug.cgi?id=504390">
> A single NULL byte buffer overflow flaw was found in
> apr-util's apr_brigade_vprintf() function.
> </blockquote>
> </body>
> </description>
> <references>
> <cvename>CVE-2009-0023</cvename>
> <bid>35221</bid>
> <url>http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3</url>
> <url>http://secunia.com/advisories/35284/</url>
> <url>https://bugzilla.redhat.com/show_bug.cgi?id=504390</url>
> </references>
> <dates>
> <discovery>2009-06-05</discovery>
> <entry>TODAY</entry>
> </dates>
> </vuln>

Actions: View

Attachments on bug 135310: 96660