Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.69784
Kategorie:Red Hat Local Security Checks
Titel:RedHat Security Advisory RHSA-2011:0844
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing updates announced in
advisory RHSA-2011:0844.

The Apache Portable Runtime (APR) is a portability library used by the
Apache HTTP Server and other projects. It provides a free library of C data
structures and routines.

The fix for CVE-2011-0419 (released via RHSA-2011:0507) introduced an
infinite loop flaw in the apr_fnmatch() function when the APR_FNM_PATHNAME
matching flag was used. A remote attacker could possibly use this flaw to
cause a denial of service on an application using the apr_fnmatch()
function. (CVE-2011-1928)

Note: This problem affected httpd configurations using the Location
directive with wildcard URLs. The denial of service could have been
triggered during normal operation
it did not specifically require a
malicious HTTP request.

This update also addresses additional problems introduced by the rewrite of
the apr_fnmatch() function, which was necessary to address the
CVE-2011-0419 flaw.

All apr users should upgrade to these updated packages, which contain a
backported patch to correct this issue. Applications using the apr library,
such as httpd, must be restarted for this update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-0844.html

Risk factor : Medium

CVSS Score:
4.3

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-1928
HPdes Security Advisory: HPSBOV02822
http://marc.info/?l=bugtraq&m=134987041210674&w=2
HPdes Security Advisory: SSRT100966
http://www.mandriva.com/security/advisories?name=MDVSA-2011:095
http://mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/%3C4DD55092.3030403@apache.org%3E
http://openwall.com/lists/oss-security/2011/05/19/5
http://openwall.com/lists/oss-security/2011/05/19/10
http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3c4DD55076.1060005@apache.org%3e
http://www.redhat.com/support/errata/RHSA-2011-0844.html
http://secunia.com/advisories/44558
http://secunia.com/advisories/44613
http://secunia.com/advisories/44661
http://secunia.com/advisories/44780
http://secunia.com/advisories/48308
SuSE Security Announcement: SUSE-SU-2011:1229 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
http://www.vupen.com/english/advisories/2011/1289
http://www.vupen.com/english/advisories/2011/1290
Common Vulnerability Exposure (CVE) ID: CVE-2011-0419
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
Debian Security Information: DSA-2237 (Google Search)
http://www.debian.org/security/2011/dsa-2237
HPdes Security Advisory: HPSBMU02704
http://marc.info/?l=bugtraq&m=132033751509019&w=2
HPdes Security Advisory: HPSBUX02702
http://marc.info/?l=bugtraq&m=131551295528105&w=2
HPdes Security Advisory: HPSBUX02707
http://marc.info/?l=bugtraq&m=131731002122529&w=2
HPdes Security Advisory: SSRT100606
HPdes Security Advisory: SSRT100619
HPdes Security Advisory: SSRT100626
http://www.mandriva.com/security/advisories?name=MDVSA-2011:084
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://cxib.net/stuff/apache.fnmatch.phps
http://cxib.net/stuff/apr_fnmatch.txts
http://www.mail-archive.com/dev@apr.apache.org/msg23961.html
http://www.mail-archive.com/dev@apr.apache.org/msg23960.html
http://www.mail-archive.com/dev@apr.apache.org/msg23976.html
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14638
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14804
http://www.redhat.com/support/errata/RHSA-2011-0507.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.redhat.com/support/errata/RHSA-2011-0897.html
http://securitytracker.com/id?1025527
http://secunia.com/advisories/44490
http://secunia.com/advisories/44564
http://secunia.com/advisories/44574
http://securityreason.com/securityalert/8246
http://securityreason.com/achievement_securityalert/98
CopyrightCopyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.