OVAL

RHSA-2011:0507-01 -- Redhat apr

ID: oval:org.secpod.oval:def:500004
Date: (C)2012-01-31   (M)2023-11-13
Class: PATCH
Family: unix




The Apache Portable Runtime (apr) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines.

It was discovered that the apr_fnmatch() function used unconstrained recursion when processing patterns with the "*" wildcard. An attacker could use this flaw to cause an application that uses this function, and that also accepts untrusted input as a pattern for matching, to exhaust all stack memory or use an excessive amount of CPU time when performing matching.

Red Hat would like to thank Maksymilian Arciemowicz for reporting this issue.

All apr users should upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the apr library, such as httpd, must be restarted for this update to take effect.

Platform:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
Product:
apr
Reference:
RHSA-2011:0507-01
CVE-2011-0419
CVE (1):
CVE-2011-0419
CPE (4):
cpe:/o:redhat:enterprise_linux:5
cpe:/o:redhat:enterprise_linux:4
cpe:/o:redhat:enterprise_linux:6
cpe:/a:apache:portable_runtime
...

© SecPod Technologies