Security update for apache2 (moderate)
This update for apache2 fixes the following issues:
The following security vulnerabilities were fixed:
- CVE-2018-1333: Fixed a worker exhaustion that could have lead to a denial
of service via specially crafted HTTP/2 requests (bsc#1101689).By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33). - CVE-2018-8011: Fixed a null pointer dereference in mod_md, which could
have lead to a denial of service via specially crafted HTTP requests
(bsc#1101688). Note: We are currently not shipping this modules, since
it is still considered experimental, but we might start to ship it with
future releases.By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).
This update was imported from the SUSE:SLE-15:Update update project.
Post a Comment