SUSE-SU-2018:1322-1: moderate: Security update for libapr1

Wed May 16 19:09:19 MDT 2018

   SUSE Security Update: Security update for libapr1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:1322-1
Rating:             moderate
References:         #1064982 
Cross-References:   CVE-2017-12613
Affected Products:
                    SUSE Studio Onsite 1.3
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update fixes the following issues:

   - CVE-2017-12613: DoS or information disclosure in pr_exp_time*() or
     apr_os_exp_time*() functions (bsc#1064982).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-libapr1-13607=1

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-libapr1-13607=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-libapr1-13607=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-libapr1-13607=1

Package List:

   - SUSE Studio Onsite 1.3 (x86_64):

      libapr1-devel-1.3.3-11.18.19.13.2

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libapr1-devel-1.3.3-11.18.19.13.2

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):

      libapr1-1.3.3-11.18.19.13.2

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64):

      libapr1-devel-32bit-1.3.3-11.18.19.13.2

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libapr1-1.3.3-11.18.19.13.2

   - SUSE Linux Enterprise Server 11-SP4 (ppc64):

      libapr1-32bit-1.3.3-11.18.19.13.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libapr1-debuginfo-1.3.3-11.18.19.13.2
      libapr1-debugsource-1.3.3-11.18.19.13.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

      libapr1-debuginfo-32bit-1.3.3-11.18.19.13.2

References:

   https://www.suse.com/security/cve/CVE-2017-12613.html
   https://bugzilla.suse.com/1064982