Commit

add CVE for release
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/branches/1.7.x@1920202 13f79535-47bb-0310-9956-ffa450edef68
covener committed Aug 26, 2024
1 parent 08e2a0d commit 75e3485
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions CHANGES
Expand Up @@ -3,6 +3,18 @@ Changes for APR 1.7.6

Changes for APR 1.7.5

*) SECURITY: CVE-2023-49582: Apache Portable Runtime (APR):
Unexpected lax shared memory permissions (cve.mitre.org)
Lax permissions set by the Apache Portable Runtime library on
Unix platforms would allow local users read access to named
shared memory segments, potentially revealing sensitive
application data.
This issue does not affect non-Unix platforms, or builds with
APR_USE_SHMEM_SHMGET=1 (apr.h)
Users are recommended to upgrade to APR version 1.7.5, which
fixes this issue.
Credits: Thomas Stangner

*) Unix: Implement apr_shm_perms_set() for the "POSIX shm_open()"
and "classic mmap" shared memory implementations. [Joe Orton,
Ruediger Pluem]
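
Review bot: The CVE-2023-49582 entry names the fixed release (1.7.5) but gives neither the affected version range nor the revision that carries the fix, so a reader of CHANGES cannot tell from this file whether a given build is exposed or which change to backport. Suggest adding an "Affects:" line and a pointer to the fixing change, or to the entry in this list that implements it. Two style points in the same block: the "(cve.mitre.org)" after the title reads like residue from the advisory template and could be dropped or replaced with the full advisory URL, and the sentence ending "APR_USE_SHMEM_SHMGET=1 (apr.h)" is missing its closing period.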
