It was reported that uninitialized data could be accessed when processing a user's log out. Logging out could result in the Apache HTTP Server crashing.
Red Hat would like to thank the mod_auth_mellon team for reporting this issue.
Issue is public now:
It was found that uninitialized data could be accessed when processing a user's logout request. By attempting to log out, a user could possibly cause the Apache HTTP Server to crash.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2014:1803 https://rhn.redhat.com/errata/RHSA-2014-1803.html
Fedora 21 already ships mod_auth_mellon-0.9.1-1.fc21 and therefore is not affected by this issue.