Описание
Security update for apache2
This update for apache2 fixes the following issues:
Security issues fixed:
- CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961)
Bug fixes:
- consider also patterns in APACHE_CONF_INCLUDE_DIRS as documentation says (patch Juergen Gleiss)
Список пакетов
SUSE Linux Enterprise Module for Server Applications 15
apache2-2.4.33-3.6.1
apache2-devel-2.4.33-3.6.1
apache2-doc-2.4.33-3.6.1
apache2-prefork-2.4.33-3.6.1
apache2-utils-2.4.33-3.6.1
apache2-worker-2.4.33-3.6.1
Ссылки
- Link for SUSE-SU-2018:3101-1
- E-Mail link for SUSE-SU-2018:3101-1
- SUSE Security Ratings
- SUSE Bug 1109961
- SUSE CVE CVE-2018-11763 page
Описание
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.6.1
SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.6.1
SUSE Linux Enterprise Module for Server Applications 15:apache2-doc-2.4.33-3.6.1
SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.6.1
Ссылки
- CVE-2018-11763
- SUSE Bug 1109961
- SUSE Bug 1122212