SUSE-SU-2023:0389-1

UNKNOWN

Security update for apr-util

Published Feb 13, 2023

Modified 3 years ago

Fix available

Details

This update for apr-util fixes the following issues:

CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding (bsc#1207866)

Affected Packages

apr-util

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Module for Basesystem 15 SP4SUSE Linux Enterprise Module for Server Applications 15 SP4

Fixed in:

1.6.1-150300.18.5.1

apr-util-devel

Fixed in:

1.6.1-150300.18.5.1

libapr-util1

Fixed in:

1.6.1-150300.18.5.1

libapr-util1-dbd-mysql

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Module for Server Applications 15 SP4SUSE Linux Enterprise Real Time 15 SP3

Fixed in:

1.6.1-150300.18.5.1

libapr-util1-dbd-pgsql

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Module for Server Applications 15 SP4SUSE Linux Enterprise Real Time 15 SP3

Fixed in:

1.6.1-150300.18.5.1

libapr-util1-dbd-sqlite3

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Module for Server Applications 15 SP4SUSE Linux Enterprise Real Time 15 SP3

Fixed in:

1.6.1-150300.18.5.1

libapr-util1-dbm-db

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Server 15 SP3-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP3

Fixed in:

1.6.1-150300.18.5.1

References

REPORT

https://bugzilla.suse.com/1207866

WEB

https://www.suse.com/security/cve/CVE-2022-25147

ADVISORY

https://www.suse.com/support/update/announcement/2023/suse-su-20230389-1/

Upstream

CVE-2022-25147

Ecosystems(12)

SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP4

Timeline

PublishedFeb 13, 2023

ModifiedFeb 13, 2023

SUSE-SU-2023:0389-1 | Mondoo Vulnerability Intelligence