Описание
Security update for apache2
This update for apache2 fixes the following issues:
Security issues fixed:
- CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961)
Список пакетов
SUSE Linux Enterprise Server 12 SP4
apache2-2.4.23-29.27.2
apache2-doc-2.4.23-29.27.2
apache2-example-pages-2.4.23-29.27.2
apache2-prefork-2.4.23-29.27.2
apache2-utils-2.4.23-29.27.2
apache2-worker-2.4.23-29.27.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4
apache2-2.4.23-29.27.2
apache2-doc-2.4.23-29.27.2
apache2-example-pages-2.4.23-29.27.2
apache2-prefork-2.4.23-29.27.2
apache2-utils-2.4.23-29.27.2
apache2-worker-2.4.23-29.27.2
SUSE Linux Enterprise Software Development Kit 12 SP4
apache2-devel-2.4.23-29.27.2
Ссылки
- Link for SUSE-SU-2018:3582-2
- E-Mail link for SUSE-SU-2018:3582-2
- SUSE Security Ratings
- SUSE Bug 1109961
- SUSE CVE CVE-2018-11763 page
Описание
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP4:apache2-2.4.23-29.27.2
SUSE Linux Enterprise Server 12 SP4:apache2-doc-2.4.23-29.27.2
SUSE Linux Enterprise Server 12 SP4:apache2-example-pages-2.4.23-29.27.2
SUSE Linux Enterprise Server 12 SP4:apache2-prefork-2.4.23-29.27.2
Ссылки
- CVE-2018-11763
- SUSE Bug 1109961
- SUSE Bug 1122212