Overview

File _patchinfo of Package patchinfo.16072

<patchinfo incident="16072">
  <issue tracker="cve" id="2020-9490"/>
  <issue tracker="cve" id="2020-11985"/>
  <issue tracker="cve" id="2020-11993"/>
  <issue tracker="bnc" id="1175071">VUL-0: CVE-2020-9490: apache2: specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash</issue>
  <issue tracker="bnc" id="1175072">VUL-0: CVE-2020-11985: apache2: IP address spoofing when proxying using mod_remoteip and mod_rewrite</issue>
  <issue tracker="bnc" id="1175070">VUL-0: CVE-2020-11993: apache2: when trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection</issue>
  <packager>pgajdos</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for apache2</summary>
  <description>This update for apache2 fixes the following issues:

- CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071).
- CVE-2020-11985: IP address spoofing when proxying using mod_remoteip and mod_rewrite (bsc#1175072).
- CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places