Apache APR and APR-util Multiple Integer Overflow Vulnerabilities

Apache APR and APR-util Multiple Integer Overflow Vulnerabilities

References:

Re: [Fwd: APR Developer Advisory CVE-2009-2412] (William A. Rowe, Jr.)
Apache Portable Runtime Homepage (Apache Software Foundation)
Changes with Apache 2.2.13 (Apache Software Foundation)
CVE-2009-2412 - Multiple integer overflows in the Apache Portable Runtime (APR) (Sun)
CVE-2009-2412 Multiple integer overflows in the Apache Portable Runtime (APR) li (Oracle)
PK96157: SHIP APAR FIXES FOR H28W601 FIX PACK 6.0.2.39. 09/09/14 PTF PECHANGE (IBM)
PM10658: IBM HTTP SERVER 2.0.47 CUMULATIVE INTERIM FIX (IBM)
View of /apr/apr-util/branches/0.9.x/CHANGES (Matt Lewis)
View of /apr/apr-util/branches/1.3.x/CHANGES (Matt Lewis)
View of /apr/apr/branches/0.9.x/CHANGES (Matt Lewis)
View of /apr/apr/branches/1.3.x/CHANGES (Matt Lewis)
Interstage HTTP Server: Four Security Vulnerabilities (CVE-2009-1891/ CVE-2009-2 (Fujitsu)
PK93225: Apache Portable Runtime memory allocation functions can return invalid (IBM)
RHSA-2009:1204 apr and apr-util security update (Red Hat)
RHSA-2009:1462 Moderate: httpd22 security update (Red Hat)
September 13, 2011 - Director multiple Apache vulnerabilities (Blue Coat)

Privacy Statement
Copyright 2010, SecurityFocus