Описание
Security update for apache2
This update for apache2 fixes the following issues:
- CVE-2016-8740 Server memory can be exhausted and service denied when HTTP/2 is used [bsc#1013648]
Список пакетов
SUSE Linux Enterprise Server 12 SP2
apache2-2.4.23-16.3
apache2-doc-2.4.23-16.3
apache2-example-pages-2.4.23-16.3
apache2-prefork-2.4.23-16.3
apache2-utils-2.4.23-16.3
apache2-worker-2.4.23-16.3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
apache2-2.4.23-16.3
apache2-doc-2.4.23-16.3
apache2-example-pages-2.4.23-16.3
apache2-prefork-2.4.23-16.3
apache2-utils-2.4.23-16.3
apache2-worker-2.4.23-16.3
SUSE Linux Enterprise Server for SAP Applications 12 SP2
apache2-2.4.23-16.3
apache2-doc-2.4.23-16.3
apache2-example-pages-2.4.23-16.3
apache2-prefork-2.4.23-16.3
apache2-utils-2.4.23-16.3
apache2-worker-2.4.23-16.3
SUSE Linux Enterprise Software Development Kit 12 SP2
apache2-devel-2.4.23-16.3
Ссылки
- Link for SUSE-SU-2017:0203-1
- E-Mail link for SUSE-SU-2017:0203-1
- SUSE Security Ratings
- SUSE Bug 1013648
- SUSE CVE CVE-2016-8740 page
Описание
The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-16.3
SUSE Linux Enterprise Server 12 SP2:apache2-doc-2.4.23-16.3
SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-16.3
SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-16.3
Ссылки
- CVE-2016-8740
- SUSE Bug 1013648