Mandriva Linux Security Advisory : apr (MDVSA-2011:084)
Medium Nessus Plugin ID 53908
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionIt was discovered that the apr_fnmatch() function used an unconstrained recursion when processing patterns with the '*' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching (such as an httpd server using the mod_autoindex module), to exhaust all stack memory or use an excessive amount of CPU time when performing matching (CVE-2011-0419).
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
The updated packages have been patched to correct this issue.
SolutionUpdate the affected packages.