CVE-2024-27316: HTTP/2 CONTINUATION frames without the END_HEADERS flag set can be sent in a continuous stream by an attacker to an Apache Httpd implementation, which will not properly terminate the request early.
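A defensive illustration of the condition in the CVE description above, added here and not taken from Apache httpd or the Gentoo ebuild: a walker over a decrypted HTTP/2 frame stream that reports when a header block is never terminated. The function names, the two limits, and the sample byte strings are assumptions constructed for this example.

```python
HEADERS, CONTINUATION = 0x1, 0x9   # frame types (RFC 9113)
END_HEADERS = 0x4                  # flag bit on HEADERS / CONTINUATION

def frame(ftype, flags, stream_id, payload=b""):
    """Build one frame: 24-bit length, type, flags, 31-bit stream id, payload."""
    head = len(payload).to_bytes(3, "big") + bytes([ftype, flags])
    return head + (stream_id & 0x7FFFFFFF).to_bytes(4, "big") + payload

def check_header_blocks(data, max_continuations=8, max_block_bytes=16384):
    """Return (verdict, frames_seen); verdict is "ok" or the reason to close.

    Both limits are assumed values for this example, not Apache defaults.
    """
    pos = seen = conts = block_bytes = 0
    open_stream = None  # stream id whose header block is still unfinished
    while pos + 9 <= len(data):
        length = int.from_bytes(data[pos:pos + 3], "big")
        ftype, flags = data[pos + 3], data[pos + 4]
        stream_id = int.from_bytes(data[pos + 5:pos + 9], "big") & 0x7FFFFFFF
        if pos + 9 + length > len(data):
            break  # truncated trailing frame: stop, nothing more to judge
        pos += 9 + length
        seen += 1
        if open_stream is not None:
            # Only CONTINUATION on the same stream may follow an open block.
            if ftype != CONTINUATION or stream_id != open_stream:
                return "protocol error: header block interrupted", seen
            conts += 1
            block_bytes += length
            # The early termination the CVE text says was missing.
            if conts > max_continuations or block_bytes > max_block_bytes:
                return "limit exceeded: unterminated header block", seen
        elif ftype == HEADERS:
            # Payload length is used as an upper bound on the block fragment.
            open_stream, conts, block_bytes = stream_id, 0, length
        elif ftype == CONTINUATION:
            return "protocol error: CONTINUATION without HEADERS", seen
        if open_stream is not None and flags & END_HEADERS:
            open_stream = None  # header block complete
    return "ok", seen

def sample_streams():
    """Constructed inputs: a complete header block and an unterminated one."""
    first = frame(HEADERS, 0, 1, b"h" * 16)
    normal = first + frame(CONTINUATION, END_HEADERS, 1, b"h" * 16)
    unterminated = first + frame(CONTINUATION, 0, 1, b"h" * 16) * 100
    return normal, unterminated
```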
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=088cdf9b01886b180d1807674608c7da366be8a1

commit 088cdf9b01886b180d1807674608c7da366be8a1
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2024-04-05 06:59:44 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-04-05 07:00:24 +0000

    www-servers/apache: add 2.4.59

    Bug: https://bugs.gentoo.org/928540
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 www-servers/apache/Manifest             |   2 +
 www-servers/apache/apache-2.4.59.ebuild | 252 ++++++++++++++++++++++++++++++++
 2 files changed, 254 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=701f541117df26d3da56d8d2563dc70b4fcd5d4f

commit 701f541117df26d3da56d8d2563dc70b4fcd5d4f
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-09-28 08:01:45 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-09-28 08:02:03 +0000

    [ GLSA 202409-31 ] Apache HTTPD: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/928540
    Bug: https://bugs.gentoo.org/935296
    Bug: https://bugs.gentoo.org/935427
    Bug: https://bugs.gentoo.org/936257
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202409-31.xml | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)