Vulnerability category: Amazon Linux
Vulnerability severity:
Vulnerability information
An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially a data leak (CVE-2017-12613).
QID Detection Logic:
This authenticated QID verifies whether the version of any of the following packages is lower than 1.5.2-5.13.amzn1: apr-devel, apr-debuginfo, apr
Vulnerability impact
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
Solution
Please refer to Amazon advisory ALAS-2017-928 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
ALAS-2017-928: Amazon Linux (apr (1.5.2-5.13.amzn1) on i686)
ALAS-2017-928: Amazon Linux (apr (1.5.2-5.13.amzn1) on x86_64)