Описание
Recommended update for apache2
This update for apache2 fixes several issues.
These security issues were fixed:
- CVE-2017-9789: When under stress (closing many connections) the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour (bsc#1048575).
- CVE-2017-7659: A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process (bsc#1045160).
These non-security issues were fixed:
- Use the full path to a2enmod and a2dismod in the apache-22-24-upgrade script (bsc#1042037)
- Fall back to 'localhost' as hostname in gensslcert (bsc#1057406)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Список пакетов
openSUSE Leap 42.3
apache2-2.4.23-19.1
apache2-devel-2.4.23-19.1
apache2-doc-2.4.23-19.1
apache2-event-2.4.23-19.1
apache2-example-pages-2.4.23-19.1
apache2-prefork-2.4.23-19.1
apache2-utils-2.4.23-19.1
apache2-worker-2.4.23-19.1
Ссылки
- E-Mail link for openSUSE-SU-2018:0291-1
- SUSE Security Ratings
Описание
A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process.
Затронутые продукты
openSUSE Leap 42.3:apache2-2.4.23-19.1
openSUSE Leap 42.3:apache2-devel-2.4.23-19.1
openSUSE Leap 42.3:apache2-doc-2.4.23-19.1
openSUSE Leap 42.3:apache2-event-2.4.23-19.1
Ссылки
- CVE-2017-7659
- SUSE Bug 1045160
Описание
When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.
Затронутые продукты
openSUSE Leap 42.3:apache2-2.4.23-19.1
openSUSE Leap 42.3:apache2-devel-2.4.23-19.1
openSUSE Leap 42.3:apache2-doc-2.4.23-19.1
openSUSE Leap 42.3:apache2-event-2.4.23-19.1
Ссылки
- CVE-2017-9789
- SUSE Bug 1048575