DSA-2237-2 apr -- denial of service
ID: oval:org.secpod.oval:def:600529 | Date: (C)2011-06-01 (M)2024-04-03 |
Class: PATCH | Family: unix |
The recent APR update DSA-2237-1 introduced a regression that could lead to an endless loop in the apr_fnmatch function, causing a denial of service. This update fixes this problem. For reference, the description of the original DSA, which fixed CVE-2011-0419: A flaw was found in the APR library, which could be exploited through Apache HTTPD's mod_autoindex. If a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack.
Platform: |
Debian 5.0 |
Debian 6.0 |