Please Install the Updated Packages.

The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR including support for XML parsing, LDAP, database interfaces, URI parsing, and more. It was found that certain input could cause the apr-util library to allocate more memory than intended in the apr_brigade_split_line() function. An attacker able to provide input in small chunks to an application using the apr-util library (such as httpd) could possibly use this flaw to trigger high memory consumption. (CVE-2010-1623) All apr-util users should upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the apr-util library, such as httpd, must be restarted for this update to take effect.

apr-util on Red Hat Enterprise Linux (v. 5 server), Red Hat Enterprise Linux AS version 4, Red Hat Enterprise Linux ES version 4, Red Hat Enterprise Linux WS version 4

• https://www.redhat.com/archives/rhsa-announce/2010-December/msg00010.html

---

Updated on 2015-03-25