MDVSA-2011:084 -- Mandriva aprID: oval:org.secpod.oval:def:301012 | Date: (C)2012-01-07 (M)2024-04-03 |
Class: PATCH | Family: unix |
It was discovered that the apr_fnmatch function used an unconstrained recursion when processing patterns with the '*' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching , to exhaust all stack memory or use an excessive amount of CPU time when performing matching . Packages for 2009.0 are provided as of the Extended Maintenance Program
Platform: |
Mandriva Linux 2010.0 |
Mandriva Linux 2010.1 |
Mandriva Linux 2009.0 |