Arch Linux Security Advisory ASA-201710-33 ========================================== Severity: Low Date : 2017-10-27 CVE-ID : CVE-2017-12618 Package : apr-util Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-468 Summary ======= The package apr-util before version 1.6.1-1 is vulnerable to denial of service. Resolution ========== Upgrade to 1.6.1-1. # pacman -Syu "apr-util>=1.6.1-1" The problem has been fixed upstream in version 1.6.1. Workaround ========== None. Description =========== APR-util 1.6.0 and prior failed to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service. Impact ====== A local attacker with write access to the database can cause a denial of service. References ========== https://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E https://security.archlinux.org/CVE-2017-12618