Scientific Linux Security Update : apr on SL4.x, SL5.x, SL6.x i386/x86_64
Medium Nessus Plugin ID 61036
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionIt was discovered that the apr_fnmatch() function used an unconstrained recursion when processing patterns with the '*' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching (such as an httpd server using the mod_autoindex module), to exhaust all stack memory or use an excessive amount of CPU time when performing matching. (CVE-2011-0419)
Applications using the apr library, such as httpd, must be restarted for this update to take effect.
SolutionUpdate the affected apr, apr-devel and / or apr-docs packages.