[ubuntu/bionic-security] apache2 2.4.29-1ubuntu4.4 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Oct 3 18:33:14 UTC 2018
apache2 (2.4.29-1ubuntu4.4) bionic-security; urgency=medium
* SECURITY UPDATE: DoS in HTTP/2 via NULL pointer
- debian/patches/CVE-2018-1302.patch: remove obsolete stream detach
code in modules/http2/h2_bucket_beam.c, modules/http2/h2_stream.c,
modules/http2/h2_stream.h.
- CVE-2018-1302
* SECURITY UPDATE: DoS in HTTP/2 via worker exhaustion
- debian/patches/CVE-2018-1333.patch: always wake up any conditional
waits when streams are aborted in modules/http2/h2_bucket_beam.c.
- CVE-2018-1333
* SECURITY UPDATE: DoS in HTTP/2 via large SETTINGS frames
- debian/patches/CVE-2018-11763.patch: rework connection IO event
handling in modules/http2/h2_session.c, modules/http2/h2_session.h,
modules/http2/h2_version.h.
- CVE-2018-11763
apache2 (2.4.29-1ubuntu4.3) bionic; urgency=medium
* d/p/balance-member-long-hostname-part{1,2}.patch: Provide an RFC1035
compliant version of the hostname in the
proxy_worker_shared structure. A hostname that is too long is no longer a
fatal error. (LP: #1750356)
apache2 (2.4.29-1ubuntu4.2) bionic; urgency=medium
* debian/patches/includeoptional-ignore-non-existent.patch: silently
ignore a not existent file path with IncludeOptional . Closes LP:
#1766186.
Date: 2018-10-03 16:34:13.780087+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.4
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list