Posted to dev@httpd.apache.org by Jim Jagielski <ji...@jaguNET.com> on 2018/07/18 11:34:52 UTC

Re: svn commit: r1836150 - /httpd/site/trunk/content/security/vulnerabilities-httpd.xml

It looks like these were missed in CHANGES. I will update and push.

> On Jul 18, 2018, at 3:54 AM, mjc@apache.org wrote:
> 
> Author: mjc
> Date: Wed Jul 18 07:54:13 2018
> New Revision: 1836150
> 
> URL: http://svn.apache.org/viewvc?rev=1836150&view=rev
> Log:
> add 2.3.34 vulns that were fixed
> 
> Modified:
>    httpd/site/trunk/content/security/vulnerabilities-httpd.xml
> 
> Modified: httpd/site/trunk/content/security/vulnerabilities-httpd.xml
> URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities-httpd.xml?rev=1836150&r1=1836149&r2=1836150&view=diff
> ==============================================================================
> --- httpd/site/trunk/content/security/vulnerabilities-httpd.xml (original)
> +++ httpd/site/trunk/content/security/vulnerabilities-httpd.xml Wed Jul 18 07:54:13 2018
> @@ -1,4 +1,45 @@
> -<security updated="20180325">
> +<security updated="20180718">  
> +
> +<issue reported="20180629" public="20180718">
> +<cve name="CVE-2018-8011"/>
> +<severity level="3">moderate</severity>
> +<title>mod_md, DoS via Coredumps on specially crafted requests</title>
> +<description>
> +<p>By specially crafting HTTP requests, the mod_md challenge
> +handler would dereference a NULL pointer and cause the child
> +process to segfault. This could be used to DoS the server.</p>
> +</description>
> +<acknowledgements>
> +The issue was discovered by Daniel Caminada &lt;daniel.caminada@ergon.ch&gt;.
> +</acknowledgements>
> +<fixed base="2.4" version="2.4.34" date="20180715"/>
> +<affects prod="httpd" version="2.4.33"/>
> +</issue>
> +
> +<issue reported="20180508" public="20180718">
> +<cve name="CVE-2018-1333"/>
> +<severity level="3">low</severity>
> +<title>DoS for HTTP/2 connections by crafted requests</title>
> +<description>
> +<p>By specially crafting HTTP/2 requests, workers would be
> +allocated 60 seconds longer than necessary, leading to
> +worker exhaustion and a denial of service.</p>
> +</description>
> +<acknowledgements>
> +The issue was discovered by Craig Young of Tripwire VERT.
> +</acknowledgements>
> +<fixed base="2.4" version="2.4.34" date="20180715"/>
> +<affects prod="httpd" version="2.4.33"/>
> +<affects prod="httpd" version="2.4.30"/>
> +<affects prod="httpd" version="2.4.29"/>
> +<affects prod="httpd" version="2.4.28"/>
> +<affects prod="httpd" version="2.4.27"/>
> +<affects prod="httpd" version="2.4.26"/>
> +<affects prod="httpd" version="2.4.25"/>
> +<affects prod="httpd" version="2.4.23"/>
> +<affects prod="httpd" version="2.4.20"/>
> +<affects prod="httpd" version="2.4.18"/>
> +</issue>
> 
> <issue reported="20171114" public="20180321">
> <cve name="CVE-2018-1283"/>
> 
>
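
Review bot: In the CVE-2018-1333 entry, `<severity level="3">low</severity>` uses the same level attribute as the CVE-2018-8011 entry's `<severity level="3">moderate</severity>`, so within this hunk one numeric level maps to two different labels. If anything sorts or styles the rendered page by the `level` attribute, the low-severity entry will be grouped with the moderate ones; it should take whatever value the file's existing low entries use. Two smaller points: the new `<security updated="20180718">` line ends in trailing whitespace, and the log message says 2.3.34 while both entries record `version="2.4.34"` in their `<fixed>` elements.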