aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2019-07-23T11:23:28Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9265
[3.7] apache2: Multiple vulnerabilities (CVE-2018-1333, CVE-2018-8011)
2019-07-23T11:23:28Z
Alicha CH

CVE-2018-1333: DoS for HTTP/2 connections by crafted requests
-------------------------------------------------------------
By specially crafting HTTP/2 requests, workers would be allocated 60
seconds longer than necessary, leading to worker exhaustion and a denial
of service.
### Fixed In Version:
Apache HTTP Server 2.4.34
### References:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333
http://www.openwall.com/lists/oss-security/2018/07/18/1
CVE-2018-8011: mod\_md, DoS via Coredumps on specially crafted requests
-----------------------------------------------------------------------
By specially crafting HTTP requests, the mod\_md challenge handler would
dereference a NULL pointer and cause the child process to segfault. This
could be used to DoS the server.
### Fixed In Version:
Apache HTTP Server 2.4.34
### Reference:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011
http://www.openwall.com/lists/oss-security/2018/07/18/2
*(from redmine: issue id 9265, created on 2018-08-17, closed on 2018-08-20)*
* Relations:
  * copied_to #9263
  * parent #9263
* Changesets:
  * Revision 38def58c62a70b5f2aa75a8fc493e6cf6789a84f by Andy Postnikov on 2018-08-20T10:43:54Z:
```
main/apache2: security upgrade to 2.4.34
fixes #9265
```
3.7.1
Kaarle Ritvanen

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8729
[3.7] apache2: Multiple vulnerabilities (CVE-2017-15710, CVE-2017-15715, CVE-2018-1301, CVE-2018-1302, CVE-2018-1303, CVE-2018-1283, CVE-2018-1312)
2019-07-23T11:33:20Z
Alicha CH

CVE-2017-15710: Out of bound write in mod\_authnz\_ldap when using too small Accept-Language values
---------------------------------------------------------------------------------------------------
### Affected Versions:
httpd 2.4.1 to 2.4.29
### Fixed in:
Apache httpd 2.4.30
### References:
https://httpd.apache.org/security/vulnerabilities_24.html
CVE-2017-15715: <FilesMatch> bypass with a trailing newline in the file name
----------------------------------------------------------------------------
The expression specified in <FilesMatch> could match ‘$’ to a newline
character in a malicious filename, rather than matching only the end of
the filename.
This could be exploited in environments where uploads of some files are
externally blocked, but only by matching the trailing portion of the
filename.
### Affected Versions:
httpd 2.4.1 to 2.4.29
### References:
https://httpd.apache.org/security/vulnerabilities_24.html
http://openwall.com/lists/oss-security/2018/03/24/6
CVE-2018-1301: Possible out of bound access after failure in reading the HTTP request
-------------------------------------------------------------------------------------
A specially crafted request could have crashed the Apache HTTP Server
prior to version 2.4.30, due to an out of bound access after a size
limit is reached by reading the HTTP header.
### Affected Versions:
httpd 2.4.1 to 2.4.29
### Fixed in:
Apache httpd 2.4.30
### References:
https://httpd.apache.org/security/vulnerabilities_24.html
http://openwall.com/lists/oss-security/2018/03/24/2
CVE-2018-1302: Possible write of after free on HTTP/2 stream shutdown
---------------------------------------------------------------------
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP
Server prior to version 2.4.30 could have written a NULL pointer
potentially to an already freed memory.
### Affected Versions:
httpd 2.4.17 to 2.4.29
### Fixed in:
Apache httpd 2.4.30
### References:
https://httpd.apache.org/security/vulnerabilities_24.html
http://openwall.com/lists/oss-security/2018/03/24/5
CVE-2018-1303: Possible out of bound read in mod\_cache\_socache
----------------------------------------------------------------
A specially crafted HTTP request header could have crashed the Apache
HTTP Server prior to version 2.4.30 due to an out of bound read
while preparing data to be cached in shared memory. It could be used as
a Denial of Service attack against users of mod\_cache\_socache.
### Affected Versions:
httpd 2.4.6 to 2.4.29
### Fixed in:
Apache httpd 2.4.30
### References:
https://httpd.apache.org/security/vulnerabilities_24.html
http://openwall.com/lists/oss-security/2018/03/24/3
CVE-2018-1283: Tampering of mod\_session data for CGI applications
------------------------------------------------------------------
When mod\_session is configured to forward its session data to CGI
applications (SessionEnv on, not the default), a remote user may
influence their content by using a “Session” header. This comes from the
“HTTP\_SESSION” variable name used by mod\_session to forward its data
to CGIs, since the prefix “HTTP\_” is also used by the Apache HTTP
Server to pass HTTP header fields, per CGI specifications.
### Affected Versions:
httpd 2.4.1 to 2.4.29
### Fixed in:
Apache httpd 2.4.30
### References:
https://httpd.apache.org/security/vulnerabilities_24.html
http://openwall.com/lists/oss-security/2018/03/24/4
CVE-2018-1312: Weak Digest auth nonce generation in mod\_auth\_digest
---------------------------------------------------------------------
When generating an HTTP Digest authentication challenge, the nonce sent
to prevent replay attacks was not correctly generated using a
pseudo-random seed.
In a cluster of servers using a common Digest authentication
configuration, HTTP requests could be replayed across servers by an
attacker without detection.
### Affected Versions:
httpd 2.4.1 to 2.4.29
### Fixed in:
Apache httpd 2.4.30
### References:
https://httpd.apache.org/security/vulnerabilities_24.html
*(from redmine: issue id 8729, created on 2018-03-26, closed on 2018-03-29)*
* Relations:
  * copied_to #8727
  * parent #8727
* Changesets:
  * Revision 746c8ef13b24f55eb20f411bcfef1a44b869145f by Kaarle Ritvanen on 2018-03-27T11:29:36Z:
```
main/apache2: security upgrade to 2.4.33
fixes #8729
```
3.7.1
Kaarle Ritvanen
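The `$` behaviour described under CVE-2017-15715 above, shown as an added example that is not part of the original issue or of httpd. It uses Python's `re` as a stand-in, since its default `$` has the same "end of string or just before a final newline" meaning; the pattern, function names and file names are constructed for illustration.

```python
import re

# Expression in the style of a <FilesMatch> argument (constructed, not from the issue).
HANDLER_PATTERN = r"\.php$"

def external_filter_blocks(name: str) -> bool:
    """Upload filter that only inspects the trailing portion of the name."""
    return name.lower().endswith(".php")

def handler_matches(name: str) -> bool:
    """Default semantics: '$' also matches just before a final newline."""
    return re.search(HANDLER_PATTERN, name) is not None

def handler_matches_strict(name: str) -> bool:
    r"""Same expression anchored with '\Z', which matches only at the true end."""
    return re.search(r"\.php\Z", name) is not None

def hardened_filter_blocks(name: str) -> bool:
    """Reject any control character before looking at the extension."""
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in name):
        return True
    return external_filter_blocks(name)

def audit(names):
    """Names the trailing-portion filter accepts but the '$' pattern still matches."""
    return [n for n in names
            if not external_filter_blocks(n) and handler_matches(n)]

# Constructed sample file names.
SAMPLE_NAMES = ["report.pdf", "index.php", "index.php\n", "notes.php.txt"]

if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        print(repr(n),
              "filter_blocks=%s" % external_filter_blocks(n),
              "dollar_match=%s" % handler_matches(n),
              "strict_match=%s" % handler_matches_strict(n),
              "hardened_blocks=%s" % hardened_filter_blocks(n))
    print("filter and handler disagree on:", audit(SAMPLE_NAMES))
```

Running `audit` over stored upload names is a quick way to find entries where the filter and the handler mapping disagree.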
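The name collision described under CVE-2018-1283 above, as an added example that is not httpd or mod\_session code. It models the CGI rule that header fields become `HTTP_`-prefixed meta-variables and drops inbound headers that map onto a reserved name; the function names, the `RESERVED` set and the sample headers are assumptions made for illustration.

```python
# Meta-variable name the advisory says mod_session uses for forwarded session data.
RESERVED = {"HTTP_SESSION"}

def meta_variable(header_name: str) -> str:
    """CGI convention: 'HTTP_' + upper-cased field name with '-' turned into '_'."""
    return "HTTP_" + header_name.upper().replace("-", "_")

def build_cgi_env(headers, session_data=None, strip_reserved=True):
    """Build a CGI environment from request headers plus server session data.

    Returns (env, dropped), where dropped lists the header names removed because
    they would populate a reserved meta-variable.
    """
    env, dropped = {}, []
    for name, value in headers:
        key = meta_variable(name)
        if strip_reserved and key in RESERVED:
            dropped.append(name)      # client must not control this variable
            continue
        env[key] = value
    if session_data is not None:
        env["HTTP_SESSION"] = session_data  # server-side value, set last
    return env, dropped

# Constructed request: no server-side session exists yet, client sends 'Session'.
SAMPLE_HEADERS = [("Host", "example.test"), ("Session", "user=admin")]

if __name__ == "__main__":
    weak_env, _ = build_cgi_env(SAMPLE_HEADERS, strip_reserved=False)
    print("without stripping:", weak_env.get("HTTP_SESSION"))
    safe_env, dropped = build_cgi_env(SAMPLE_HEADERS)
    print("with stripping:   ", safe_env.get("HTTP_SESSION"), "dropped:", dropped)
```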