Security update for libapr1 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:1214-1 Final 1 1 2018-05-10T18:01:27Z current 2018-05-10T18:01:27Z 2018-05-10T18:01:27Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libapr1 This update fixes the following issues: - CVE-2017-12613: DoS or information disclosure in pr_exp_time*() or apr_os_exp_time*() functions (bsc#1064982). This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-05/msg00035.html E-Mail link for openSUSE-SU-2018:1214-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libapr1-1.5.1-9.3.1 libapr1-devel-1.5.1-9.3.1 libapr1-1.5.1-9.3.1 as a component of openSUSE Leap 42.3 libapr1-devel-1.5.1-9.3.1 as a component of openSUSE Leap 42.3 When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. CVE-2017-12613 openSUSE Leap 42.3:libapr1-1.5.1-9.3.1 openSUSE Leap 42.3:libapr1-devel-1.5.1-9.3.1 moderate 2.7 AV:L/AC:M/Au:M/C:P/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-05/msg00035.html https://www.suse.com/security/cve/CVE-2017-12613.html CVE-2017-12613 https://bugzilla.suse.com/1064982 SUSE Bug 1064982