what you don't know can hurt you

Debian Security Advisory 2237-2

Debian Security Advisory 2237-2
Posted May 21, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2237-2 - The recent APR update DSA-2237-1 introduced a regression that could lead to an endless loop in the apr_fnmatch() function, causing a denial of service. This update fixes this problem.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2011-0419, CVE-2011-1928
MD5 | 7ac1117c6f245c7f34030cf9e8b7bea4

Debian Security Advisory 2237-2

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2237-2 security@debian.org
http://www.debian.org/security/ Stefan Fritsch
May 21, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : apr
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-0419 CVE-2011-1928
Debian bug : 627182


The recent APR update DSA-2237-1 introduced a regression that could
lead to an endless loop in the apr_fnmatch() function, causing a
denial of service. This update fixes this problem (CVE-2011-1928).

For reference, the description of the original DSA, which fixed
CVE-2011-0419:

A flaw was found in the APR library, which could be exploited through
Apache HTTPD's mod_autoindex. If a directory indexed by mod_autoindex
contained files with sufficiently long names, a remote attacker could
send a carefully crafted request which would cause excessive CPU
usage. This could be used in a denial of service attack.


For the oldstable distribution (lenny), this problem has been fixed in
version 1.2.12-5+lenny4.

For the stable distribution (squeeze), this problem has been fixed in
version 1.4.2-6+squeeze2.

For the testing distribution (wheezy), this problem will be fixed in
version 1.4.5-1.

For the unstable distribution (sid), this problem will be fixed in
version 1.4.5-1.

We recommend that you upgrade your apr packages and restart the
apache2 server.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFN13A7bxelr8HyTqQRAvzpAJ9UKzrunYOHUwdLJTgCn8FpBVFRwwCghXmu
QKovjSgHsOiO+ihaTmtsAFI=
=mU7B
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close