Description
Security update for apache2
This update for apache2 fixes the following issues:
The following security vulnerabilities were fixed:
- CVE-2018-1333: Fixed a worker exhaustion that could have led to a denial of service via specially crafted HTTP/2 requests (bsc#1101689).
- CVE-2018-8011: Fixed a null pointer dereference in mod_md, which could have led to a denial of service via specially crafted HTTP requests (bsc#1101688). Note: We are currently not shipping this module, since it is still considered experimental, but we might start to ship it with future releases.
Package list
SUSE Linux Enterprise Module for Server Applications 15
apache2-2.4.33-3.3.1
apache2-devel-2.4.33-3.3.1
apache2-doc-2.4.33-3.3.1
apache2-prefork-2.4.33-3.3.1
apache2-utils-2.4.33-3.3.1
apache2-worker-2.4.33-3.3.1
References
- Link for SUSE-SU-2018:2424-1
- E-Mail link for SUSE-SU-2018:2424-1
- SUSE Security Ratings
- SUSE Bug 1101688
- SUSE Bug 1101689
- SUSE CVE CVE-2018-1333 page
- SUSE CVE CVE-2018-8011 page
Description
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30, 2.4.33).
Affected products
SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1
SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1
SUSE Linux Enterprise Module for Server Applications 15:apache2-doc-2.4.33-3.3.1
SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1
References
- CVE-2018-1333
- SUSE Bug 1101689
Description
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).
Affected products
SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1
SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1
SUSE Linux Enterprise Module for Server Applications 15:apache2-doc-2.4.33-3.3.1
SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1
References
- CVE-2018-8011
- SUSE Bug 1101688