Candidate: CVE-2017-12618
PublicDate: 2017-10-24 01:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12618
 http://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E
Description:
 Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate
 the integrity of SDBM database files used by apr_sdbm*() functions,
 resulting in a possible out of bound read access. A local user with write
 access to the database can make a program or process using these functions
 crash, and cause a denial of service.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879708
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H [4.7 MEDIUM]

Patches_apr-util:
upstream_apr-util: released (1.6.1-1)
precise/esm_apr-util: ignored (end of ESM support, was needs-triage)
trusty_apr-util: ignored (reached end-of-life)
trusty/esm_apr-util: needed
xenial_apr-util: ignored (end of standard support, was needed)
esm-infra/xenial_apr-util: needed
zesty_apr-util: ignored (reached end-of-life)
artful_apr-util: ignored (reached end-of-life)
bionic_apr-util: not-affected (1.6.1-2)
cosmic_apr-util: not-affected (1.6.1-2)
disco_apr-util: not-affected (1.6.1-2)
eoan_apr-util: not-affected (1.6.1-2)
focal_apr-util: not-affected (1.6.1-2)
groovy_apr-util: not-affected (1.6.1-2)
hirsute_apr-util: not-affected (1.6.1-2)
impish_apr-util: not-affected (1.6.1-2)
jammy_apr-util: not-affected (1.6.1-2)
devel_apr-util: not-affected (1.6.1-2)