Security update for apache2
This update for apache2 fixes the following issues:
- CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071).
- CVE-2020-11984: Fixed an information disclosure bug in mod_proxy_uwsgi (bsc#1175074).
- CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070).
- Solve a crash in mod_proxy_uwsgi for empty values of environment variables. (bsc#1174052)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
-
Submitted by
Petr Gajdos (pgajdos)
Fixed bugs
bnc#1174052
apache segfaults when configured with proxy_uwsgi
bnc#1175070
VUL-0: CVE-2020-11993: apache2: when trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection
bnc#1175071
VUL-0: CVE-2020-9490: apache2: specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash
bnc#1175074
VUL-0: CVE-2020-11984: apache2: mod_proxy_uwsgi info disclosure and possible RCE
