Mandriva Linux Security Advisory 2009-314 - Multiple security vulnerabilities have been identified and fixed in apr and apr-util.
5a55dc7a21bb7948a31b389923144cacd08f07e3b91a30ff0c39089032a635bf
Gentoo Linux Security Advisory GLSA 200909-03 - Multiple integer overflows in the Apache Portable Runtime and its Utility Library might allow for the remote execution of arbitrary code. Matt Lewis reported multiple integer overflows in the apr_rmm_malloc(), apr_rmm_calloc(), and apr_rmm_realloc() functions in misc/apr_rmm.c of APR-Util and in memory/unix/apr_pools.c of APR, both occurring when aligning memory blocks. Versions less than 1.3.8 are affected.
e025791469b883b31e8662ca33b485721cffa7a61392bcb66f5cc709573df1a8
Debian Security Advisory 1854-1 - Matt Lewis discovered that the memory management code in the Apache Portable Runtime (APR) library does not guard against a wrap-around during size computations. This could cause the library to return a memory area which is smaller than requested, resulting in a heap overflow and possibly arbitrary code execution.
e54e6a6aa34c4763920eaf4d1c189495881575c78b71087121c170ba95aa79a3
Subversion clients and servers, versions 1.6.0 through 1.6.3 and all versions prior to 1.5.7 suffer from several heap overflow vulnerabilities.
5fb21fd196a47fa32c9f15781dc6291a103c336a288af6ec506249d1ea6ca4a5
Ubuntu Security Notice USN-813-3 - USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr-util. Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application.
a66bcad1d5b347e9c1508af29c81788f84378ee970957436e3d17b7879b48460
Ubuntu Security Notice USN-813-2 - USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr as provided by Apache on Ubuntu 6.06 LTS. Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application.
1baed221a5a1b81cd2b58835a729530c1b4518db9c82892766ecb7a4f5236762
Ubuntu Security Notice USN-813-1 - Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application.
e9c60c6687e44151935903cf7df6706d95e898506cd5109483cdafb67fbe616f
Mandriva Linux Security Advisory 2009-195-1 - Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information. This update provides fixes for these vulnerabilities. apr-util packages were missing for Mandriva Enterprise Server 5 i586; this has been addressed with this update.
e19e12dfa374019271c826c77738cc19daeb2cb161a5a0018a0d7f70da9128ce
Mandriva Linux Security Advisory 2009-195 - A vulnerability has been identified and corrected in apr and apr-util. This update provides fixes for these vulnerabilities.
65a23f9e0b8882b8afe1e667bae3c05d6ad58e8e697a8011a4920ea95ebf1171