Mandriva Linux Security Advisory : apr (MDVSA-2012:019)
Medium Nessus Plugin ID 57955
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability has been found and corrected in ASF APR :
tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table (CVE-2012-0840).
APR has been upgraded to the latest version (1.4.6) which holds many improvments over the previous versions and is not vulnerable to this issue.
SolutionUpdate the affected packages.