Описание
Security update for apache2
This update for apache2 fixes the following issues:
Security issues fixed:
- CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961)
Bug fixes:
- consider also patterns in APACHE_CONF_INCLUDE_DIRS as documentation says (patch Juergen Gleiss)
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
apache2-2.4.33-lp150.2.6.1
apache2-devel-2.4.33-lp150.2.6.1
apache2-doc-2.4.33-lp150.2.6.1
apache2-event-2.4.33-lp150.2.6.1
apache2-example-pages-2.4.33-lp150.2.6.1
apache2-prefork-2.4.33-lp150.2.6.1
apache2-utils-2.4.33-lp150.2.6.1
apache2-worker-2.4.33-lp150.2.6.1
Ссылки
- E-Mail link for openSUSE-SU-2018:3185-1
- SUSE Security Ratings
Описание
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
Затронутые продукты
openSUSE Leap 15.0:apache2-2.4.33-lp150.2.6.1
openSUSE Leap 15.0:apache2-devel-2.4.33-lp150.2.6.1
openSUSE Leap 15.0:apache2-doc-2.4.33-lp150.2.6.1
openSUSE Leap 15.0:apache2-event-2.4.33-lp150.2.6.1
Ссылки
- CVE-2018-11763
- SUSE Bug 1109961
- SUSE Bug 1122212