Security update for apache2 (moderate)

2018-08-19T15:09:07
ID OPENSUSE-SU-2018:2433-1
Type suse
Reporter Suse
Modified 2018-08-19T15:09:07

Description

This update for apache2 fixes the following issues:

The following security vulnerabilities were fixed:

  • CVE-2018-1333: Fixed a worker exhaustion that could have lead to a denial of service via specially crafted HTTP/2 requests (bsc#1101689).
  • CVE-2018-8011: Fixed a null pointer dereference in mod_md, which could have lead to a denial of service via specially crafted HTTP requests (bsc#1101688). Note: We are currently not shipping this modules, since it is still considered experimental, but we might start to ship it with future releases.

This update was imported from the SUSE:SLE-15:Update update project.