openSUSE-SU-2018:3713-1

Опубликовано: 09 нояб. 2018

Источник: suse-cvrf

Описание

Security update for apache2

This update for apache2 fixes the following issues:

Security issues fixed:

CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Список пакетов

openSUSE Leap 42.3

apache2-2.4.23-31.1

apache2-devel-2.4.23-31.1

apache2-doc-2.4.23-31.1

apache2-event-2.4.23-31.1

apache2-example-pages-2.4.23-31.1

apache2-prefork-2.4.23-31.1

apache2-utils-2.4.23-31.1

apache2-worker-2.4.23-31.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2018-11/msg00015.html
E-Mail link for openSUSE-SU-2018:3713-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.

Затронутые продукты

openSUSE Leap 42.3:apache2-2.4.23-31.1

openSUSE Leap 42.3:apache2-devel-2.4.23-31.1

openSUSE Leap 42.3:apache2-doc-2.4.23-31.1

openSUSE Leap 42.3:apache2-event-2.4.23-31.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-11763.html
CVE-2018-11763
https://bugzilla.suse.com/1109961
SUSE Bug 1109961
https://bugzilla.suse.com/1122212
SUSE Bug 1122212

openSUSE-SU-2018:3713-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2018-11763

Описание

Затронутые продукты

Ссылки