Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
Another apr security update for Debian
Posted by Philipp Esselbach on: 05/21/2011 09:55 AM [ Print | 0 comment(s) ]
The recent APR Debian update DSA-2237-1 introduced a regression that could lead to an endless loop in the apr_fnmatch() function, causing a denial of service.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2237-2 security@debian.org
http://www.debian.org/security/ Stefan Fritsch
May 21, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : apr
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-0419 CVE-2011-1928
Debian bug : 627182
The recent APR update DSA-2237-1 introduced a regression that could
lead to an endless loop in the apr_fnmatch() function, causing a
denial of service. This update fixes this problem (CVE-2011-1928).
For reference, the description of the original DSA, which fixed
CVE-2011-0419:
A flaw was found in the APR library, which could be exploited through
Apache HTTPD's mod_autoindex. If a directory indexed by mod_autoindex
contained files with sufficiently long names, a remote attacker could
send a carefully crafted request which would cause excessive CPU
usage. This could be used in a denial of service attack.
For the oldstable distribution (lenny), this problem has been fixed in
version 1.2.12-5+lenny4.
For the stable distribution (squeeze), this problem has been fixed in
version 1.4.2-6+squeeze2.
For the testing distribution (wheezy), this problem will be fixed in
version 1.4.5-1.
For the unstable distribution (sid), this problem will be fixed in
version 1.4.5-1.
We recommend that you upgrade your apr packages and restart the
apache2 server.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Debian Security Advisory DSA-2237-2 security@debian.org
http://www.debian.org/security/ Stefan Fritsch
May 21, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : apr
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-0419 CVE-2011-1928
Debian bug : 627182
The recent APR update DSA-2237-1 introduced a regression that could
lead to an endless loop in the apr_fnmatch() function, causing a
denial of service. This update fixes this problem (CVE-2011-1928).
For reference, the description of the original DSA, which fixed
CVE-2011-0419:
A flaw was found in the APR library, which could be exploited through
Apache HTTPD's mod_autoindex. If a directory indexed by mod_autoindex
contained files with sufficiently long names, a remote attacker could
send a carefully crafted request which would cause excessive CPU
usage. This could be used in a denial of service attack.
For the oldstable distribution (lenny), this problem has been fixed in
version 1.2.12-5+lenny4.
For the stable distribution (squeeze), this problem has been fixed in
version 1.4.2-6+squeeze2.
For the testing distribution (wheezy), this problem will be fixed in
version 1.4.5-1.
For the unstable distribution (sid), this problem will be fixed in
version 1.4.5-1.
We recommend that you upgrade your apr packages and restart the
apache2 server.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Related Threads
07/29/2006 08:27 AM: Moving FC5 from one PC to another PC (2) by danleff
06/15/2006 07:40 PM: Stop the presses - another FC5 & XP dual-boot problem! (2) by danleff
05/26/2006 06:31 PM: Ugh, frustrated to death. Another FC 5 + WIN XP and grub (8) by danleff
08/19/2006 04:34 AM: Yet another Newbie dual boot question (1) by mohona
06/15/2005 11:27 PM: YAP (Yet Another Problem) (2) by OldSpiceAP
01/24/2005 06:55 AM: Another newb trying Fedora (3) by Dapper Dan
12/11/2004 07:31 AM: Another Dual Boot question... (11) by Dapper Dan
07/13/2004 12:41 AM: Another Mandrake 10 install problem (2) by 10Mhz
06/20/2004 05:39 PM: Another Proble,m with Mandrake 10 (1) by danleff
02/28/2004 09:27 AM: another shell script question! (1) by texroot
06/15/2006 07:40 PM: Stop the presses - another FC5 & XP dual-boot problem! (2) by danleff
05/26/2006 06:31 PM: Ugh, frustrated to death. Another FC 5 + WIN XP and grub (8) by danleff
08/19/2006 04:34 AM: Yet another Newbie dual boot question (1) by mohona
06/15/2005 11:27 PM: YAP (Yet Another Problem) (2) by OldSpiceAP
01/24/2005 06:55 AM: Another newb trying Fedora (3) by Dapper Dan
12/11/2004 07:31 AM: Another Dual Boot question... (11) by Dapper Dan
07/13/2004 12:41 AM: Another Mandrake 10 install problem (2) by 10Mhz
06/20/2004 05:39 PM: Another Proble,m with Mandrake 10 (1) by danleff
02/28/2004 09:27 AM: another shell script question! (1) by texroot