openSUSE-SU-2017:0297-1

Опубликовано: 27 янв. 2017

Источник: suse-cvrf

Описание

Security update for apache2

This update for apache2 fixes the following issues:

CVE-2016-8740 Server memory can be exhausted and service denied when HTTP/2 is used [bsc#1013648]

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Список пакетов

openSUSE Leap 42.2

apache2-2.4.23-6.1

apache2-devel-2.4.23-6.1

apache2-doc-2.4.23-6.1

apache2-event-2.4.23-6.1

apache2-example-pages-2.4.23-6.1

apache2-prefork-2.4.23-6.1

apache2-utils-2.4.23-6.1

apache2-worker-2.4.23-6.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-01/msg00149.html
E-Mail link for openSUSE-SU-2017:0297-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.

Затронутые продукты

openSUSE Leap 42.2:apache2-2.4.23-6.1

openSUSE Leap 42.2:apache2-devel-2.4.23-6.1

openSUSE Leap 42.2:apache2-doc-2.4.23-6.1

openSUSE Leap 42.2:apache2-event-2.4.23-6.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-8740.html
CVE-2016-8740
https://bugzilla.suse.com/1013648
SUSE Bug 1013648

openSUSE-SU-2017:0297-1

Описание

Список пакетов

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2016-8740

Описание

Затронутые продукты

Ссылки