[SECURITY] [DLA 3332-1] apr-util security update

2023-02-2120:00:09

lists.debian.org

debian lts

apache portable runtime utility library

cve-2022-25147

buster

security tracker

integer overflow

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

AI Score

7.1

Confidence

High

EPSS

0.002

Percentile

55.9%

JSON

Debian LTS Advisory DLA-3332-1 [email protected]
https://www.debian.org/lts/security/ Adrian Bunk
February 21, 2023 https://wiki.debian.org/LTS

Package : apr-util
Version : 1.6.1-4+deb10u1
CVE ID : CVE-2022-25147

An Integer Overflow or Wraparound vulnerability was fixed in
apr_base64() in the Apache Portable Runtime Utility Library.

For Debian 10 buster, this problem has been fixed in version
1.6.1-4+deb10u1.

We recommend that you upgrade your apr-util packages.

For the detailed security status of apr-util please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/apr-util

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian11ppc64ellibaprutil1-ldap< 1.6.1-5+deb11u1libaprutil1-ldap_1.6.1-5+deb11u1_ppc64el.deb
Debian10amd64libaprutil1-dbd-mysql< 1.6.1-4+deb10u1libaprutil1-dbd-mysql_1.6.1-4+deb10u1_amd64.deb
Debian11armhflibaprutil1-dbd-sqlite3-dbgsym< 1.6.1-5+deb11u1libaprutil1-dbd-sqlite3-dbgsym_1.6.1-5+deb11u1_armhf.deb
Debian11mipsellibaprutil1-dbd-odbc< 1.6.1-5+deb11u1libaprutil1-dbd-odbc_1.6.1-5+deb11u1_mipsel.deb
Debian11mipsellibaprutil1-dbd-mysql-dbgsym< 1.6.1-5+deb11u1libaprutil1-dbd-mysql-dbgsym_1.6.1-5+deb11u1_mipsel.deb
Debian11arm64libaprutil1-dbd-sqlite3< 1.6.1-5+deb11u1libaprutil1-dbd-sqlite3_1.6.1-5+deb11u1_arm64.deb
Debian11armhflibaprutil1-dbd-sqlite3< 1.6.1-5+deb11u1libaprutil1-dbd-sqlite3_1.6.1-5+deb11u1_armhf.deb
Debian11armhflibaprutil1-dbd-mysql< 1.6.1-5+deb11u1libaprutil1-dbd-mysql_1.6.1-5+deb11u1_armhf.deb
Debian11amd64libaprutil1-ldap< 1.6.1-5+deb11u1libaprutil1-ldap_1.6.1-5+deb11u1_amd64.deb
Debian11amd64libaprutil1-dbd-mysql< 1.6.1-5+deb11u1libaprutil1-dbd-mysql_1.6.1-5+deb11u1_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	ppc64el	libaprutil1-ldap	< 1.6.1-5+deb11u1	libaprutil1-ldap_1.6.1-5+deb11u1_ppc64el.deb
Debian	10	amd64	libaprutil1-dbd-mysql	< 1.6.1-4+deb10u1	libaprutil1-dbd-mysql_1.6.1-4+deb10u1_amd64.deb
Debian	11	armhf	libaprutil1-dbd-sqlite3-dbgsym	< 1.6.1-5+deb11u1	libaprutil1-dbd-sqlite3-dbgsym_1.6.1-5+deb11u1_armhf.deb
Debian	11	mipsel	libaprutil1-dbd-odbc	< 1.6.1-5+deb11u1	libaprutil1-dbd-odbc_1.6.1-5+deb11u1_mipsel.deb
Debian	11	mipsel	libaprutil1-dbd-mysql-dbgsym	< 1.6.1-5+deb11u1	libaprutil1-dbd-mysql-dbgsym_1.6.1-5+deb11u1_mipsel.deb
Debian	11	arm64	libaprutil1-dbd-sqlite3	< 1.6.1-5+deb11u1	libaprutil1-dbd-sqlite3_1.6.1-5+deb11u1_arm64.deb
Debian	11	armhf	libaprutil1-dbd-sqlite3	< 1.6.1-5+deb11u1	libaprutil1-dbd-sqlite3_1.6.1-5+deb11u1_armhf.deb
Debian	11	armhf	libaprutil1-dbd-mysql	< 1.6.1-5+deb11u1	libaprutil1-dbd-mysql_1.6.1-5+deb11u1_armhf.deb
Debian	11	amd64	libaprutil1-ldap	< 1.6.1-5+deb11u1	libaprutil1-ldap_1.6.1-5+deb11u1_amd64.deb
Debian	11	amd64	libaprutil1-dbd-mysql	< 1.6.1-5+deb11u1	libaprutil1-dbd-mysql_1.6.1-5+deb11u1_amd64.deb