[Bluewhite64 Linux Security] apr-util [BW64SA:20090618-02]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

New apr-util (and apr) packages are available for Bluewhite64 11.0, 12.0, 12.1,
and 12.2 to fix security issues. The issues are in apr-util, but
older Bluewhite64 releases also require a new version of the apr package.

More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955




Here are the details from the Bluewhite64 Linux 12.2 ChangeLog:
- ----------------------------------------------------------------
PATCHES/packages/apr-1.3.5-x86_64-1.tgz: Upgraded.
PATCHES/packages/apr-util-1.3.7-x86_64-1.tgz: Upgraded.
Fix underflow in apr_strmatch_precompile.
Fix a denial of service attack against the apr_xml_* interface
using the "billion laughs" entity expansion technique.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955
[*** Security fix ***]
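
The entity expansion denial of service named in the ChangeLog works because nested entity declarations multiply in size at each level. The block below is an added example, not part of the advisory and not the apr-util fix: a pre-parse check that computes the expanded size arithmetically and rejects oversized or cyclic declarations. The function names, the 1,000,000-character limit and the sample document are assumptions made for illustration.

```python
import re

# Internal general entity declarations only: <!ENTITY name "value">
ENTITY_DECL = re.compile(r"<!ENTITY\s+([\w.-]+)\s+(?:\"([^\"]*)\"|'([^']*)')\s*>")
ENTITY_REF = re.compile(r"&([\w.-]+);")

# Constructed sample: three small nested entities, quadrupling per level.
SAMPLE = ('<!DOCTYPE d [<!ENTITY a "ha"><!ENTITY b "&a;&a;&a;&a;">'
          '<!ENTITY c "&b;&b;&b;&b;">]><d>&c;</d>')


def expanded_sizes(xml_text):
    """Map each declared entity to its expanded length, computed arithmetically."""
    decls = {}
    for name, dq, sq in ENTITY_DECL.findall(xml_text):
        decls.setdefault(name, dq or sq)  # first declaration wins in XML
    sizes, in_progress = {}, set()

    def size_of(name):
        if name in sizes:
            return sizes[name]
        if name in in_progress:
            raise ValueError("cyclic entity reference: " + name)
        in_progress.add(name)
        total = len(ENTITY_REF.sub("", decls[name]))  # literal characters
        for ref in ENTITY_REF.findall(decls[name]):
            # Undeclared names (e.g. &amp;) count as one character.
            total += size_of(ref) if ref in decls else 1
        in_progress.discard(name)
        sizes[name] = total
        return total

    return {name: size_of(name) for name in decls}


def document_expansion(xml_text):
    """Length of the document body once every reference is expanded."""
    sizes = expanded_sizes(xml_text)
    body = xml_text.split("]>", 1)[-1]  # text after the internal DTD subset
    refs = ENTITY_REF.findall(body)
    return len(ENTITY_REF.sub("", body)) + sum(sizes.get(r, 1) for r in refs)


def is_expansion_safe(xml_text, limit=1_000_000):
    """False for cyclic declarations or expansion beyond `limit` characters."""
    try:
        return document_expansion(xml_text) <= limit
    except (ValueError, RecursionError):
        return False
```

The check covers internal general entities only; parameter and external entities are outside its scope and need to be disabled in the parser itself.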



Download the new packages from:
- --------------------------------
For Bluewhite64 Linux 11.0:
http://data.bluewhite64.com/bluewhite64-11.0/patches/packages/apr-1.3.5-x86_64-1.tgz
http://data.bluewhite64.com/bluewhite64-11.0/patches/packages/apr-util-1.3.7-x86_64-1.tgz

For Bluewhite64 Linux 12.0:
http://data.bluewhite64.com/bluewhite64-12.0/patches/packages/apr-1.3.5-x86_64-1.tgz
http://data.bluewhite64.com/bluewhite64-12.0/patches/packages/apr-util-1.3.7-x86_64-1.tgz

For Bluewhite64 Linux 12.1:
http://data.bluewhite64.com/bluewhite64-12.1/patches/packages/apr-1.3.5-x86_64-1.tgz
http://data.bluewhite64.com/bluewhite64-12.1/patches/packages/apr-util-1.3.7-x86_64-1.tgz

For Bluewhite64 Linux 12.2:
http://data.bluewhite64.com/bluewhite64-12.2/patches/packages/apr-1.3.5-x86_64-1.tgz
http://data.bluewhite64.com/bluewhite64-12.2/patches/packages/apr-util-1.3.7-x86_64-1.tgz

Also, please see the "Get Bluewhite64" section on http://www.bluewhite64.com for
additional mirror sites near you.


MD5 signatures:
- ----------------
Bluewhite64 11.0 package:
16eeff37a5c9317fac40a3872a2b39fc apr-util-1.3.7-x86_64-1.tgz
3412e867b7eb9e40a0388de1153a7930 apr-1.3.5-x86_64-1.tgz

Bluewhite64 12.0 package:
47590cb6aa0487ca4e5236a019300ec4 apr-util-1.3.7-x86_64-1.tgz
c40164c814890f9fb47f3336b448ae15 apr-1.3.5-x86_64-1.tgz

Bluewhite64 12.1 package:
b98f852a57c0c809a9e7dcbeed599772 apr-util-1.3.7-x86_64-1.tgz
519c4bda0afb797c2ed3ef294c3bcc80 apr-1.3.5-x86_64-1.tgz

Bluewhite64 12.2 package:
c1f5ac55ace5fc7d2290e631f0d2ae0b apr-util-1.3.7-x86_64-1.tgz
4327e6f9210e08c4656c03ae46573c86 apr-1.3.5-x86_64-1.tgz




Installation instructions:
- ----------------------------
Upgrade the package as root:
# upgradepkg apr-util-1.3.7-x86_64-1.tgz apr-1.3.5-x86_64-1.tgz

Restart any services that use apr-util.

- ---
Bluewhite64 Linux Security Team
http://bluewhite64.com/gpg-key

security©bluewhite64.com





-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAko6p+sACgkQpTOsxuDdlY6F3gCZAS/rCB7GP2CxQ4M98E28wcQg
QIkAmwaXpDNYOpLK6OGwLpxzAwclU0L3
=eT/I
-----END PGP SIGNATURE-----