A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine.
Unitrends could be vulnerable to this, but it requires a great deal of expertise to craft the exploit. It would also require network access to the Unitrends system. No data would be affected, but it could slow down the system.
The CentOS6.5 distribution already contains the fix.
- For CentOS6, the distribution already contains this fix.
- For CentOS5, apr-util-1.2.7-11.el5_5.2 or later has this fix, and Unitrends appliances should already have apr-util-1.2.7-7.el5_3.2.
- Upstream Apache httpd 2.2.12
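To check an appliance against the CentOS5 build listed above, the comparison has to follow RPM's segment ordering, because a plain string comparison ranks release `9` above `11`. The following is an added example, not Unitrends or CentOS code. It assumes the input is a name-version-release string as printed by `rpm -q apr-util`, with no epoch or architecture suffix, and `rpmvercmp` and `has_fix` are illustrative names.

```python
import re

FIXED_EL5 = "apr-util-1.2.7-11.el5_5.2"  # fixed CentOS5 build named in the advisory

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, the way RPM orders them.
    Returns 1, 0 or -1. Tilde and caret handling is omitted (not needed for these builds)."""
    if a == b:
        return 0
    while a and b:
        # Separators such as '.' and '_' only delimit segments.
        a = re.sub(r"^[^A-Za-z0-9]+", "", a)
        b = re.sub(r"^[^A-Za-z0-9]+", "", b)
        if not a or not b:
            break
        numeric = a[0] in "0123456789"
        pattern = r"[0-9]+" if numeric else r"[A-Za-z]+"
        seg_a = re.match(pattern, a).group(0)
        match_b = re.match(pattern, b)
        if match_b is None:
            # Segment types differ: a numeric segment is newer than an alphabetic one.
            return 1 if numeric else -1
        seg_b = match_b.group(0)
        a, b = a[len(seg_a):], b[len(seg_b):]
        if numeric:
            # Numbers compare by value: drop leading zeros, then the longer one is larger.
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if not a and not b:
        return 0
    return 1 if a else -1  # whichever string has segments left is newer

def has_fix(installed, fixed=FIXED_EL5):
    """True when `installed` (name-version-release) is at or past the fixed build."""
    name_i, ver_i, rel_i = installed.rsplit("-", 2)
    name_f, ver_f, rel_f = fixed.rsplit("-", 2)
    if name_i != name_f:
        raise ValueError("package names differ: %s vs %s" % (name_i, name_f))
    return (rpmvercmp(ver_i, ver_f) or rpmvercmp(rel_i, rel_f)) >= 0

if __name__ == "__main__":
    # Constructed sample builds, not taken from the advisory.
    for nvr in ("apr-util-1.2.7-9.el5", "apr-util-1.2.7-11.el5_5.3"):
        print(nvr, "has fix" if has_fix(nvr) else "needs update")
```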