* [SECURITY] Updated: libaprutil1-1.6.1-1
@ 2017-10-23 23:55 David Rothenberger
0 siblings, 0 replies; only message in thread
From: David Rothenberger @ 2017-10-23 23:55 UTC (permalink / raw)
To: cygwin-announce
SECURITY:
=========
APR-util 1.6.1 release addresses one security vulnerability;
CVE-2017-12618; Out-of-bounds access in corrupted SDBM database.
APR-util 1.6.0 and prior failed to validate the integrity of SDBM
database files used by apr_sdbm*() functions, resulting in a
possible out of bound read access. A local user with write access
to the database can make a program or process using these
functions crash, and cause a denial of service.
DESCRIPTION:
============
The mission of the Apache Portable Runtime (APR) project is to
create and maintain software libraries that provide a predictable
and consistent interface to underlying platform-specific
implementations. The primary goal is to provide an API to which
software developers may code and be assured of predictable if not
identical behaviour regardless of the platform on which their
software is built, relieving them of the need to code special-case
conditions to work around or take advantage of platform-specific
deficiencies or features.
QUESTIONS:
==========
If you want to make a point or ask a question the Cygwin mailing
list is the appropriate place.
--
David Rothenberger ---- daveroth@acm.org
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2017-10-23 23:55 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-10-23 23:55 [SECURITY] Updated: libaprutil1-1.6.1-1 David Rothenberger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).