Univention Bugzilla – Bug 48163
apache2: Multiple issues (4.3)
Last modified: 2018-11-21 15:21:15 CET
New Debian apache2 2.4.25-3+deb9u6A~4.3.2.201811190845 fixes: This update addresses the following issues: * mod_http2: Too much time allocated to workers, possibly leading to DoS (CVE-2018-1333) * DoS for HTTP/2 connections by continuous SETTINGS frames (CVE-2018-11763)
--- mirror/ftp/4.3/unmaintained/4.3-2/source/apache2_2.4.25-3+deb9u5A~4.3.1.201808081329.dsc +++ apt/ucs_4.3-0-errata4.3-2/source/apache2_2.4.25-3+deb9u6A~4.3.2.201811190845.dsc @@ -1,9 +1,16 @@ -2.4.25-3+deb9u5A~4.3.1.201808081329 [Wed, 08 Aug 2018 13:43:30 +0200] Univention builddaemon <buildd@univention.de>: +2.4.25-3+deb9u6A~4.3.2.201811190845 [Mon, 19 Nov 2018 09:00:01 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 05-autostart-setting 10-apache2-reload 20-no-proxy + +2.4.25-3+deb9u6 [Sat, 03 Nov 2018 19:46:19 +0100] Stefan Fritsch <sf@debian.org>: + + * CVE-2018-1333: mod_http2: Fix DoS by worker exhaustion. Closes: #904106 + * CVE-2018-11763: mod_http2: Fix DoS by continuous SETTINGS. + Closes: #909591 + * mod_proxy_fcgi: Fix segfault. Closes: #902906 2.4.25-3+deb9u5 [Sat, 02 Jun 2018 10:01:13 +0200] Stefan Fritsch <sf@debian.org>: <http://10.200.17.11/4.3-2/#5953855242682329412>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-2] cebccd953e Bug #48163: apache2 2.4.25-3+deb9u6A~4.3.2.201811190845 doc/errata/staging/apache2.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
<http://errata.software-univention.de/ucs/4.3/314.html>