Summary: | <www-servers/apache-2.4.34: multiple vulnerabilities (CVE-2018-{1333,8011}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | polynomial-c |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
app-admin/apache-tools-2.4.34
www-servers/apache-2.4.34-r2
|
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2018-08-05 23:21:58 UTC
@ Maintainer(s): Can we start stabilization of =www-servers/apache-2.4.34-r1? low: DoS for HTTP/2 connections by crafted requests (CVE-2018-1333) By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. This issue only affects servers that have configured and enabled HTTP/2 support, which is not the default Acknowledgements: The issue was discovered by Craig Young of Tripwire VERT. x86 stable amd64 stable ia64 stable ppc64 stable arm stable Stable on alpha. ppc stable all arches done GLSA Vote: no @Maintainers please cleanup older versions. Thank you! @maintainer, is cleanup on hold? cleanup will happen in bug #676064 |