openSUSE Security Update : apache2 (openSUSE-2019-791)

This update for apache2 fixes the following issues : Security issues fixed : - CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2...

openSUSE Security Update : apache2 (openSUSE-2019-305)

This update for apache2 fixes the following issues : Security issues fixed : - CVE-2018-17189: Fixed a denial of service in modhttp2, via slow and unneeded request bodies bsc1122838 - CVE-2018-17199: Fixed that modsessioncookie did not respect expiry time bsc1122839 Non-security issue fixed : -...

openSUSE: Security Advisory for apache2 (openSUSE-SU-2019:0305-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for apache2 (moderate)

openSUSE Security Update: Security update for apache2 Announcement ID: openSUSE-SU-2019:0305-1 Rating: moderate References: 1121086 1122838 1122839 Cross-References: CVE-2018-17189 CVE-2018-17199 Affected Products: openSUSE Leap 42.3 An update that solves two vulnerabilities and has one errata is...

openSUSE: Security Advisory for apache2 (openSUSE-SU-2019:0296-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : apache2 (openSUSE-2019-296)

This update for apache2 fixes the following issues : Security issues fixed : - CVE-2018-17189: Fixed a denial of service in modhttp2, via slow and unneeded request bodies bsc1122838 - CVE-2018-17199: Fixed that modsessioncookie did not respect expiry time bsc1122839 Non-security issue fixed : -...

Security update for apache2 (moderate)

openSUSE Security Update: Security update for apache2 Announcement ID: openSUSE-SU-2019:0296-1 Rating: moderate References: 1121086 1122838 1122839 Cross-References: CVE-2018-17189 CVE-2018-17199 Affected Products: openSUSE Leap 15.0 An update that solves two vulnerabilities and has one errata is...

SUSE SLES12 Security Update : apache2 (SUSE-SU-2019:0498-1)

This update for apache2 fixes the following issues : Security issues fixed : CVE-2018-17189: Fixed a denial of service in modhttp2, via slow and unneeded request bodies bsc1122838 CVE-2018-17199: Fixed that modsessioncookie did not respect expiry time bsc1122839 Non-security issue fixed:...

SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2019:0504-1)

This update for apache2 fixes the following issues : Security issues fixed : CVE-2018-17189: Fixed a denial of service in modhttp2, via slow and unneeded request bodies bsc1122838 CVE-2018-17199: Fixed that modsessioncookie did not respect expiry time bsc1122839 Non-security issue fixed:...

Debian DLA-1647-1 : apache2 security update

Diego Angulo from ImExHS discovered an issue in the webserver apache2. The module modsession ignored the expiry time of sessions handled by modsessioncookie, because the expiry time is available only after decoding the session and the check was already done before. For Debian 8 'Jessie', this...

[SECURITY] [DLA 1647-1] apache2 security update

Package : apache2 Version : 2.4.10-10+deb8u13 CVE ID : CVE-2018-17199 Diego Angulo from ImExHS discovered an issue in the webserver apache2. The module modsession ignored the expiry time of sessions handled by modsessioncookie, because the expiry time is available only after decoding the session...

DLA-1647-1 apache2 - security update

Bulletin has no description...

Debian: Security Advisory (DLA-1647-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security fix for the ALT Linux 8 package apache2 version 1:2.4.38-alt1

1:2.4.38-alt1 built Jan. 28, 2019 Anton Farygin in task 219984 Jan. 25, 2019 Anton Farygin - 2.4.38 - fixes: important: modssl 2.4.37 remote DoS when used with OpenSSL 1.1.1. CVE-2019-0190 low: modsessioncookie does not respect expiry time. CVE-2018-17199 low: DoS for HTTP/2 connections via slow...

Security fix for the ALT Linux 9 package apache2 version 1:2.4.38-alt1

Jan. 25, 2019 Anton Farygin 1:2.4.38-alt1 - 2.4.38 - fixes: important: modssl 2.4.37 remote DoS when used with OpenSSL 1.1.1. CVE-2019-0190 low: modsessioncookie does not respect expiry time. CVE-2018-17199 low: DoS for HTTP/2 connections via slow request bodies. CVE-2018-17189...

Security fix for the ALT Linux 10 package apache2 version 1:2.4.38-alt1

Jan. 25, 2019 Anton Farygin 1:2.4.38-alt1 - 2.4.38 - fixes: important: modssl 2.4.37 remote DoS when used with OpenSSL 1.1.1. CVE-2019-0190 low: modsessioncookie does not respect expiry time. CVE-2018-17199 low: DoS for HTTP/2 connections via slow request bodies. CVE-2018-17189...

Fedora 28 : php (2018-b6072889db)

PHP version 7.2.10 13 Sep 2018 Core: - Fixed bug php76754 parent private constant in extends class memory leak. Laruence - Fixed bug php72443 Generate enabled extension. petk - Fixed bug php75797 Memory leak when using classalias in non-debug mode. Massimiliano Braglia Apache2: - Fixed bug php765...

Fedora 29 : php (2018-791c3cfe21)

PHP version 7.2.10 13 Sep 2018 Core: - Fixed bug php76754 parent private constant in extends class memory leak. Laruence - Fixed bug php72443 Generate enabled extension. petk - Fixed bug php75797 Memory leak when using classalias in non-debug mode. Massimiliano Braglia Apache2: - Fixed bug php765...

SUSE SLES12 Security Update : php7 (SUSE-SU-2018:2887-1)

This update for php7 fixes the following issues : CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a 'Transfer-Encoding: chunked' request, because the bucket brigade was mishandled in the phphandler function bsc1108753. Note that Tenable Network Security has extracted the...

SUSE SLES15 Security Update : apache2 (SUSE-SU-2018:2424-1)

This update for apache2 fixes the following issues: The following security vulnerabilities were fixed : - CVE-2018-1333: Fixed a worker exhaustion that could have lead to a denial of service via specially crafted HTTP/2 requests bsc1101689. - CVE-2018-8011: Fixed a NULL pointer dereference in...