漏洞类别:Amazon Linux
漏洞等级: 
漏洞信息
Apache Portable Runtime Utility (APR-util) fails to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.(CVE-2017-12618 )
QID Detection Logic:
This authenticated QID verifies if the version of the following files is lesser than 1.5.4-6.18.amzn1: apr-util-sqlite,apr-util-mysql,apr-util-odbc,apr-util-openssl,apr-util-ldap,apr-util,apr-util-devel,apr-util-pgsql,apr-util-nss,apr-util-debuginfo,apr-util-freetds
漏洞危害
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
解决方案
Please refer to Amazon advisory ALAS-2017-929 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
ALAS-2017-929: Amazon Linux (apr-util (1.5.4-6.18.amzn1) on i686)
ALAS-2017-929: Amazon Linux (apr-util (1.5.4-6.18.amzn1) on x86_64)
ALAS-2017-929: Amazon Linux (apr-util (1.5.4-6.18.amzn1) on src)
0daybank
文章评论