SUSE-SU-2018:3582-1

Опубликовано: 30 окт. 2018

Источник: suse-cvrf

Описание

Security update for apache2

This update for apache2 fixes the following issues:

Security issues fixed:

CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961)

Список пакетов

SUSE Enterprise Storage 4

apache2-2.4.23-29.27.2

apache2-doc-2.4.23-29.27.2

apache2-example-pages-2.4.23-29.27.2

apache2-prefork-2.4.23-29.27.2

apache2-utils-2.4.23-29.27.2

apache2-worker-2.4.23-29.27.2

SUSE Linux Enterprise Server 12 SP2-BCL

apache2-2.4.23-29.27.2

apache2-doc-2.4.23-29.27.2

apache2-example-pages-2.4.23-29.27.2

apache2-prefork-2.4.23-29.27.2

apache2-utils-2.4.23-29.27.2

apache2-worker-2.4.23-29.27.2

SUSE Linux Enterprise Server 12 SP2-LTSS

apache2-2.4.23-29.27.2

apache2-doc-2.4.23-29.27.2

apache2-example-pages-2.4.23-29.27.2

apache2-prefork-2.4.23-29.27.2

apache2-utils-2.4.23-29.27.2

apache2-worker-2.4.23-29.27.2

SUSE Linux Enterprise Server 12 SP3

apache2-2.4.23-29.27.2

apache2-doc-2.4.23-29.27.2

apache2-example-pages-2.4.23-29.27.2

apache2-prefork-2.4.23-29.27.2

apache2-utils-2.4.23-29.27.2

apache2-worker-2.4.23-29.27.2

SUSE Linux Enterprise Server for SAP Applications 12 SP2

apache2-2.4.23-29.27.2

apache2-doc-2.4.23-29.27.2

apache2-example-pages-2.4.23-29.27.2

apache2-prefork-2.4.23-29.27.2

apache2-utils-2.4.23-29.27.2

apache2-worker-2.4.23-29.27.2

SUSE Linux Enterprise Server for SAP Applications 12 SP3

apache2-2.4.23-29.27.2

apache2-doc-2.4.23-29.27.2

apache2-example-pages-2.4.23-29.27.2

apache2-prefork-2.4.23-29.27.2

apache2-utils-2.4.23-29.27.2

apache2-worker-2.4.23-29.27.2

SUSE Linux Enterprise Software Development Kit 12 SP3

apache2-devel-2.4.23-29.27.2

SUSE OpenStack Cloud 7

apache2-2.4.23-29.27.2

apache2-doc-2.4.23-29.27.2

apache2-example-pages-2.4.23-29.27.2

apache2-prefork-2.4.23-29.27.2

apache2-utils-2.4.23-29.27.2

apache2-worker-2.4.23-29.27.2

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20183582-1/
Link for SUSE-SU-2018:3582-1
https://lists.suse.com/pipermail/sle-security-updates/2018-October/004815.html
E-Mail link for SUSE-SU-2018:3582-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1109961
SUSE Bug 1109961
https://www.suse.com/security/cve/CVE-2018-11763/
SUSE CVE CVE-2018-11763 page

Описание

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.

Затронутые продукты

SUSE Enterprise Storage 4:apache2-2.4.23-29.27.2

SUSE Enterprise Storage 4:apache2-doc-2.4.23-29.27.2

SUSE Enterprise Storage 4:apache2-example-pages-2.4.23-29.27.2

SUSE Enterprise Storage 4:apache2-prefork-2.4.23-29.27.2

Ссылки

https://www.suse.com/security/cve/CVE-2018-11763.html
CVE-2018-11763
https://bugzilla.suse.com/1109961
SUSE Bug 1109961
https://bugzilla.suse.com/1122212
SUSE Bug 1122212

SUSE-SU-2018:3582-1

Описание

Список пакетов

SUSE Enterprise Storage 4

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP2-LTSS

SUSE Linux Enterprise Server 12 SP3

SUSE Linux Enterprise Server for SAP Applications 12 SP2

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE Linux Enterprise Software Development Kit 12 SP3

SUSE OpenStack Cloud 7

Ссылки

Уязвимость: CVE-2018-11763

Описание

Затронутые продукты

Ссылки