Описание
Recommended update for apache2
This update for apache2 fixes several issues.
These security issues were fixed:
- CVE-2017-9789: When under stress (closing many connections) the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour (bsc#1048575).
- CVE-2017-7659: A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process (bsc#1045160).
These non-security issues were fixed:
- Use the full path to a2enmod and a2dismod in the apache-22-24-upgrade script (bsc#1042037)
- Fall back to 'localhost' as hostname in gensslcert (bsc#1057406)
Список пакетов
SUSE Linux Enterprise Server 12 SP2
apache2-2.4.23-29.13.1
apache2-doc-2.4.23-29.13.1
apache2-example-pages-2.4.23-29.13.1
apache2-prefork-2.4.23-29.13.1
apache2-utils-2.4.23-29.13.1
apache2-worker-2.4.23-29.13.1
SUSE Linux Enterprise Server 12 SP3
apache2-2.4.23-29.13.1
apache2-doc-2.4.23-29.13.1
apache2-example-pages-2.4.23-29.13.1
apache2-prefork-2.4.23-29.13.1
apache2-utils-2.4.23-29.13.1
apache2-worker-2.4.23-29.13.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
apache2-2.4.23-29.13.1
apache2-doc-2.4.23-29.13.1
apache2-example-pages-2.4.23-29.13.1
apache2-prefork-2.4.23-29.13.1
apache2-utils-2.4.23-29.13.1
apache2-worker-2.4.23-29.13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
apache2-2.4.23-29.13.1
apache2-doc-2.4.23-29.13.1
apache2-example-pages-2.4.23-29.13.1
apache2-prefork-2.4.23-29.13.1
apache2-utils-2.4.23-29.13.1
apache2-worker-2.4.23-29.13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
apache2-2.4.23-29.13.1
apache2-doc-2.4.23-29.13.1
apache2-example-pages-2.4.23-29.13.1
apache2-prefork-2.4.23-29.13.1
apache2-utils-2.4.23-29.13.1
apache2-worker-2.4.23-29.13.1
SUSE Linux Enterprise Software Development Kit 12 SP2
apache2-devel-2.4.23-29.13.1
SUSE Linux Enterprise Software Development Kit 12 SP3
apache2-devel-2.4.23-29.13.1
Ссылки
- Link for SUSE-SU-2018:0261-1
- E-Mail link for SUSE-SU-2018:0261-1
- SUSE Security Ratings
- SUSE Bug 1042037
- SUSE Bug 1045160
- SUSE Bug 1048575
- SUSE Bug 1057406
- SUSE CVE CVE-2017-7659 page
- SUSE CVE CVE-2017-9789 page
Описание
A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-29.13.1
SUSE Linux Enterprise Server 12 SP2:apache2-doc-2.4.23-29.13.1
SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-29.13.1
SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-29.13.1
Ссылки
- CVE-2017-7659
- SUSE Bug 1045160
Описание
When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-29.13.1
SUSE Linux Enterprise Server 12 SP2:apache2-doc-2.4.23-29.13.1
SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-29.13.1
SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-29.13.1
Ссылки
- CVE-2017-9789
- SUSE Bug 1048575