FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Apache APR -- DoS vulnerabilities

Affected packages
apr1 < 1.4.5.1.3.12

Details

VuXML ID 99a5590c-857e-11e0-96b7-00300582f9fc
Discovery 2011-05-19
Entry 2011-05-23

The Apache Portable Runtime Project reports:

A flaw was discovered in the apr_fnmatch() function in the Apache Portable Runtime (APR) library 1.4.4 (or any backported versions that contained the upstream fix for CVE-2011-0419). This could cause httpd workers to enter a hung state (100% CPU utilization).

apr-util 1.3.11 could cause crashes with httpd's mod_authnz_ldap in some situations.

References

Bugtraq ID 47929
CVE Name CVE-2011-0419
CVE Name CVE-2011-1928
URL http://www.apache.org/dist/apr/Announcement1.x.html
URL https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1928