Bug 1280

Summary: CVE-2011-0419, resource exhaustion
Product: Mageia Reporter: Michael Scherer <misc>
Component: Security Assignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: dmorganec
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
Whiteboard:
Source RPM: apr CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 908    

Description Michael Scherer 2011-05-15 02:14:54 CEST
http://lists.mandriva.com/security-announce/2011-05/msg00005.php


It was discovered that the apr_fnmatch() function used an unconstrained
 recursion when processing patterns with the '*' wildcard. An attacker
 could use this flaw to cause an application using this function,
 which also accepted untrusted input as a pattern for matching (such
 as an httpd server using the mod_autoindex module), to exhaust all
 stack memory or use an excessive amount of CPU time when performing
 matching (CVE-2011-0419).
Michael Scherer 2011-05-15 02:15:03 CEST

Blocks: (none) => 908
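
The flaw class described in the advisory text above, as an added example that is not part of the original bug report and is not APR's code: a constructed textbook recursive matcher whose recursion depth tracks input length, beside an iterative matcher with constant stack use and a step budget. The names `naive_depth`, `glob_match_bounded` and `max_steps` are hypothetical, and only `*` and `?` are handled.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed textbook recursive matcher (not APR source): recursion depth
 * grows with the length of the input being matched. */
static size_t deepest;
static int naive(const char *p, const char *s, size_t depth)
{
    if (depth > deepest) deepest = depth;
    if (*p == '\0') return *s == '\0';
    if (*p == '*')
        return naive(p + 1, s, depth + 1) || (*s && naive(p, s + 1, depth + 1));
    return *s && (*p == '?' || *p == *s) && naive(p + 1, s + 1, depth + 1);
}

size_t naive_depth(const char *pat, const char *str)
{
    deepest = 0;
    naive(pat, str, 1);
    return deepest;
}

/* Iterative matcher: constant stack, and max_steps caps CPU time.
 * Returns 1 = match, 0 = no match, -1 = step budget exhausted. */
int glob_match_bounded(const char *pat, const char *str, size_t max_steps)
{
    const char *star = NULL, *resume = NULL; /* last '*' and its retry point */
    size_t steps = 0;

    while (*str) {
        if (++steps > max_steps) return -1;
        if (*pat == '*') { star = ++pat; resume = str; }
        else if (*pat == '?' || *pat == *str) { pat++; str++; }
        else if (star) { pat = star; str = ++resume; }
        else return 0;
    }
    while (*pat == '*') pat++;   /* trailing stars match the empty string */
    return *pat == '\0';
}

int main(void)
{
    printf("naive depth on 8 chars: %zu\n", naive_depth("*b", "aaaaaaaa"));
    printf("bounded match: %d\n", glob_match_bounded("*a*b", "xaxb", 64));
    return 0;
}
```

A caller that receives -1 should treat the pattern as rejected rather than retry with a larger budget.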

Comment 1 D Morgan 2011-05-15 02:26:15 CEST
Fixed in commit 98877.

Status: NEW => RESOLVED
CC: (none) => dmorganec
Resolution: (none) => FIXED