drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in mod_http2
Name: |
Ausführen beliebiger Kommandos in mod_http2 |
|
ID: |
FEDORA-2018-0a95bff197 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 27 |
|
Datum: |
Fr, 6. April 2018, 07:41 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1302 |
|
Applikationen: |
mod_http2 |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2018-0a95bff197 2018-04-05 23:56:01.161334 ------------------------------------------------------------------------------- -
Name : mod_http2 Product : Fedora 27 Version : 1.10.16 Release : 1.fc27 URL : https://icing.github.io/mod_h2/ Summary : module implementing HTTP/2 for Apache 2 Description : The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.
------------------------------------------------------------------------------- - Update Information:
This update includes the latest upstream release of mod_http2, version 1.10.16. This includes a security fix (CVE-2018-1302): When an HTTP/2 stream was destroyed after being handled, mod_http2 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerabilty hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1561570 - CVE-2018-1302 mod_http2: httpd: Use-after-free on HTTP/2 stream shutdown [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1561570 [ 2 ] Bug #1560627 - CVE-2018-1302 httpd: Use-after-free on HTTP/2 stream shutdown [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1560627 ------------------------------------------------------------------------------- -
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade mod_http2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
|
|
|
|