Common Vulnerabilities and Exposures assigned an identifier CVE-2010-1677 to the following vulnerability: Name: CVE-2010-1677 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1677 Assigned: 20100430 Reference: MLIST:[mhonarc-dev] 20101230 [bug #32014] CVE-2010-1677: DoS when processing html messages with deep tag nesting Reference: URL: http://www.mail-archive.com/mhonarc-dev@mhonarc.org/msg01297.html Reference: CONFIRM: http://savannah.nongnu.org/bugs/?32014 Reference: VUPEN:ADV-2010-3344 Reference: URL: http://www.vupen.com/english/advisories/2010/3344 MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy>dy> sequence, a different vulnerability than CVE-2010-4524.
Created mhonarc tracking bugs for this issue Affects: fedora-all [bug 664730]
Created mhonarc tracking bugs for this issue Affects: epel-all [bug 928096]
Current Fedora has the fixed 2.6.18 version, but current EPEL still ships the vulnerable 2.6.16 version.