Mageia 2019-0109: apache security update

    Date: 14 Mar 2019
    Category: Mageia
    Posted By: LinuxSecurity Advisories
    MGASA-2019-0109 - Updated apache packages fix security vulnerability
    
    Publication date: 14 Mar 2019
    URL: https://advisories.mageia.org/MGASA-2019-0109.html
    Type: security
    Affected Mageia releases: 6
    CVE: CVE-2018-17189,
         CVE-2018-17199
    
    By sending request bodies in a slow loris way to plain resources, the h2
    stream for that request unnecessarily occupied a server thread cleaning up
    that incoming data. This affects only HTTP/2 (mod_http2) connections in
    Apache HTTP Server versions 2.4.37 and prior (CVE-2018-17189).
    
    In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the
    session expiry time before decoding the session. This causes session
    expiry time to be ignored for mod_session_cookie sessions since the expiry
    time is loaded when the session is decoded (CVE-2018-17199).
    
    The apache package has been updated to version 2.4.38, fixing these issues
    and several other bugs.  See the upstream CHANGES files for details.
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=24226
    - http://www.apache.org/dist/httpd/CHANGES_2.4.38
    - https://httpd.apache.org/security/vulnerabilities_24.html
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199
    
    SRPMS:
    - 6/core/apache-2.4.38-1.mga6
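
The check-before-decode ordering described for CVE-2018-17199, as an added example that is not part of the advisory and is not httpd source code. The struct, the function names, the simplified cookie format and the rule that an expiry of 0 means "no expiry" are assumptions made for this model.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of a session; names are hypothetical, not httpd's. */
struct session {
    const char *encoded;  /* raw cookie value as received */
    long expiry;          /* 0 until the cookie has been decoded */
};

/* Decode step: pulls "expiry=<seconds>" out of the encoded cookie. */
static void decode(struct session *s)
{
    const char *p = strstr(s->encoded, "expiry=");
    s->expiry = p ? strtol(p + 7, NULL, 10) : 0;
}

/* Expiry check (model assumption: expiry 0 means "never expires"). */
static int expired(const struct session *s, long now)
{
    return s->expiry != 0 && s->expiry < now;
}

/* Order described for 2.4.37 and prior: check first, decode afterwards. */
static int load_check_then_decode(struct session *s, long now)
{
    if (expired(s, now))   /* expiry is still 0 here, so never true */
        return 0;
    decode(s);
    return 1;              /* 1 = session accepted */
}

/* Corrected order: decode first so the check sees the real expiry. */
static int load_decode_then_check(struct session *s, long now)
{
    decode(s);
    return expired(s, now) ? 0 : 1;
}

int main(void)
{
    /* Constructed cookie value that expired at t=1000; "now" is t=2000. */
    struct session a = { "user=alice&expiry=1000", 0 };
    struct session b = a;
    printf("check-then-decode accepts: %d\n", load_check_then_decode(&a, 2000));
    printf("decode-then-check accepts: %d\n", load_decode_then_check(&b, 2000));
    return 0;
}
```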
    
