Ubuntu Security Notice (C) 2011-2014 Canonical, Inc. / NASL script (C) 2011-2014 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
Maksymilian Arciemowicz reported that a flaw in the fnmatch()
implementation in the Apache Portable Runtime (APR) library could
allow an attacker to cause a denial of service. This can be
demonstrated in a remote denial of service attack against
mod_autoindex in the Apache web server. (CVE-2011-0419)
Is was discovered that the fix for CVE-2011-0419 introduced a
different flaw in the fnmatch() implementation that could also result
in a denial of service. (CVE-2011-1928).
Update the affected libapr0 and / or libapr1 packages.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true