Описание
Security update for apache2
This update for apache2 fixes the following issues:
The following security vulnerability were fixed:
- CVE-2018-1333: Fixed a worker exhaustion that could have lead to a denial of service via specially crafted HTTP/2 requests (bsc#1101689).
Список пакетов
SUSE Linux Enterprise Server 12 SP3
apache2-2.4.23-29.21.1
apache2-doc-2.4.23-29.21.1
apache2-example-pages-2.4.23-29.21.1
apache2-prefork-2.4.23-29.21.1
apache2-utils-2.4.23-29.21.1
apache2-worker-2.4.23-29.21.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
apache2-2.4.23-29.21.1
apache2-doc-2.4.23-29.21.1
apache2-example-pages-2.4.23-29.21.1
apache2-prefork-2.4.23-29.21.1
apache2-utils-2.4.23-29.21.1
apache2-worker-2.4.23-29.21.1
SUSE Linux Enterprise Software Development Kit 12 SP3
apache2-devel-2.4.23-29.21.1
Ссылки
- Link for SUSE-SU-2018:2336-1
- E-Mail link for SUSE-SU-2018:2336-1
- SUSE Security Ratings
- SUSE Bug 1101689
- SUSE CVE CVE-2018-1333 page
Описание
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).
Затронутые продукты
SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.21.1
SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.21.1
SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.21.1
SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.21.1
Ссылки
- CVE-2018-1333
- SUSE Bug 1101689