[ubuntu/bionic-updates] apache2 2.4.29-1ubuntu4.4 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Oct 3 18:58:10 UTC 2018
apache2 (2.4.29-1ubuntu4.4) bionic-security; urgency=medium
* SECURITY UPDATE: DoS in HTTP/2 via NULL pointer
- debian/patches/CVE-2018-1302.patch: remove obsolete stream detach
code in modules/http2/h2_bucket_beam.c, modules/http2/h2_stream.c,
modules/http2/h2_stream.h.
- CVE-2018-1302
* SECURITY UPDATE: DoS in HTTP/2 via worker exhaustion
- debian/patches/CVE-2018-1333.patch: always wake up any conditional
waits when streams are aborted in modules/http2/h2_bucket_beam.c.
- CVE-2018-1333
* SECURITY UPDATE: DoS in HTTP/2 via large SETTINGS frames
- debian/patches/CVE-2018-11763.patch: rework connection IO event
handling in modules/http2/h2_session.c, modules/http2/h2_session.h,
modules/http2/h2_version.h.
- CVE-2018-11763
Date: 2018-10-03 16:34:13.780087+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.4
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list