CVE-2010-1623
Published: 4 October 2010
Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
Notes
| Author | Note |
|---|---|
| mdeslaur | will be fixed in apache2 2.2.17. apache2 has an embedded code copy of apr-util. Dapper uses the embedded version, hardy+ uses the system apr-util. apache2 2.2.15+ also use the code in mod_reqtimeout lucid mod_reqtimeout backport already contains this fix |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
apache2 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.0.55-4ubuntu2.12)
|
| hardy |
Not vulnerable
(2.2.8-1ubuntu0.18)
|
|
| jaunty |
Not vulnerable
(2.2.11-2ubuntu2.7)
|
|
| karmic |
Not vulnerable
(2.2.12-1ubuntu2.3)
|
|
| lucid |
Not vulnerable
(2.2.14-5ubuntu8.2)
|
|
| maverick |
Released
(2.2.16-1ubuntu3.1)
|
|
| upstream |
Released
(2.2.16-3)
|
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1003626 upstream: http://svn.apache.org/viewvc?view=revision&revision=1005669 |
||
|
apr-util Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Released
(1.2.12+dfsg-3ubuntu0.3)
|
|
| jaunty |
Ignored
(end of life)
|
|
| karmic |
Released
(1.3.9+dfsg-1ubuntu1.1)
|
|
| lucid |
Released
(1.3.9+dfsg-3ubuntu0.10.04.1)
|
|
| maverick |
Released
(1.3.9+dfsg-3ubuntu0.10.10.1)
|
|
| upstream |
Released
(1.3.9+dfsg-4)
|
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1003494 |
||