The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It aims to provide a free library of C data structures and routines. apr-util is a utility library used with APR. This library provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more.

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the Apache Portable Runtime (APR) manages memory pool and relocatable memory allocations. An attacker could use these flaws to issue a specially-crafted request for memory allocation, which would lead to a denial of service (application crash) or, potentially, execute arbitrary code with the privileges of an application using the APR libraries. (CVE-2009-2412)

All apr and apr-util users should upgrade to these updated packages, which contain backported patches to correct these issues. Applications using the APR libraries, such as httpd, must be restarted for this update to take effect.
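The bug class described above (an integer overflow in allocation-size arithmetic that leads to an undersized heap buffer) is illustrated by the following added example. It is not APR's code or the backported patch: the 8-byte alignment, the `struct pool` bump allocator and all function names are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>

#define ALIGNMENT 8u   /* assumed alignment boundary for this sketch */

/* Unchecked rounding: for sizes within ALIGNMENT-1 of SIZE_MAX the
 * addition wraps, so a huge request is "rounded up" to a tiny size. */
size_t align_up_unchecked(size_t size)
{
    return (size + (ALIGNMENT - 1)) & ~(size_t)(ALIGNMENT - 1);
}

/* Checked rounding: returns 0 and stores the rounded size on success,
 * returns -1 when rounding up would wrap around. */
int align_up_checked(size_t size, size_t *out)
{
    if (size > SIZE_MAX - (ALIGNMENT - 1))
        return -1;
    *out = (size + (ALIGNMENT - 1)) & ~(size_t)(ALIGNMENT - 1);
    return 0;
}

/* Hypothetical bump allocator over a fixed arena, standing in for a pool. */
struct pool { unsigned char *base; size_t cap; size_t used; };

void *pool_alloc(struct pool *p, size_t request)
{
    size_t need;
    void *ptr;

    if (align_up_checked(request, &need) != 0)
        return NULL;              /* request too large to round safely */
    if (need > p->cap - p->used)  /* used <= cap, so this cannot wrap */
        return NULL;
    ptr = p->base + p->used;
    p->used += need;
    return ptr;
}

int main(void)
{
    unsigned char arena[64];
    struct pool p = { arena, sizeof arena, 0 };
    /* A near-SIZE_MAX request must be refused, not rounded down to 0. */
    return pool_alloc(&p, SIZE_MAX - 2) == NULL ? 0 : 1;
}
```

With the unchecked rounding, a caller that later writes `request` bytes into a buffer sized from the wrapped value overruns the heap, which is why the size check has to precede any arithmetic on the requested length.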