|Version||1.5.4-1+deb8u1 (jessie), 1.5.4-3+deb9u1 (stretch)|
|Related CVEs||CVE-2017-12618 CVE-2022-25147|
apr-util, Apache Portable Runtime Utility Library, had multiple vulnerabilities.
apr-util fails to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.
Integer Overflow or Wraparound vulnerability in apr_base64 functions of apr-util allows an attacker to write beyond bounds of a buffer.
For Debian 8 jessie, these problems have been fixed in version 1.5.4-1+deb8u1.
For Debian 9 stretch, these problems have been fixed in version 1.5.4-3+deb9u1.
We recommend that you upgrade your apr-util packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.