Apache APR and APR-util Multiple Integer Overflow Vulnerabilities

The host is installed with Apache APR and APR-Util and is prone to multiple Integer Overflow vulnerabilities.
Successful exploitation will allow attackers to execute arbitrary code in the context of an affected application, and can cause Denial of Service. Impact Level: Application
Upgrade to Apache APR version 1.3.8 or APR-util version 1.3.9, http://apr.apache.org/download.cgi or Apply the patches for Apache APR-Utils 0.9.x or Apache APR version 0.9.x http://www.apache.org/dist/apr/patches/apr-0.9-CVE-2009-2412.patch http://www.apache.org/dist/apr/patches/apr-util-0.9-CVE-2009-2412.patch ***** NOTE: Ignore this warning if above mentioned patch is already applied. *****
- Error exists when vectors trigger crafted calls to the allocator_alloc or apr_palloc function in memory/unix/apr_pools.c in APR. - Error in apr_rmm_malloc, apr_rmm_calloc or apr_rmm_realloc function in misc/apr_rmm.c caused while aligning relocatable memory blocks in APR-util.
Apache APR version 0.9.x and 1.3.x before 1.3.8 Apache APR-Utils version 0.9.x and 1.3.x before 1.3.9