Security update for apache2
This update for apache2 fixes the following issues:
Security issues fixed:
- CVE-2018-17189: Fixed a denial of service in mod_http2, via slow and unneeded request bodies (bsc#1122838)
- CVE-2018-17199: Fixed that mod_session_cookie did not respect expiry time (bsc#1122839)
Non-security issue fixed:
- sysconfig.d is not created anymore if it already exists (bsc#1121086)
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Petr Gajdos (pgajdos)
Fixed bugs
bnc#1122838
VUL-1: CVE-2018-17189: apache2: mod_http2, DoS via slow, unneeded request bodies
bnc#1122839
VUL-1: CVE-2018-17199: apache2: mod_session_cookie does not respect expiry time
bnc#1121086
/usr/sbin/start_apache2 tries to force-create sysconfd.d dir (even already there)
