File _patchinfo of Package patchinfo.15845
<patchinfo incident="15845">
<issue tracker="bnc" id="1174052">apache segfaults when configured with proxy_uwsgi</issue>
<issue tracker="bnc" id="1175070">VUL-0: CVE-2020-11993: apache2: when trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection</issue>
<issue tracker="bnc" id="1175071">VUL-0: CVE-2020-9490: apache2: specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash</issue>
<issue tracker="bnc" id="1175074">VUL-0: CVE-2020-11984: apache2: mod_proxy_uwsgi info disclosure and possible RCE</issue>
<issue tracker="cve" id="2020-9490"/>
<issue tracker="cve" id="2020-11984"/>
<issue tracker="cve" id="2020-11993"/>
<packager>pgajdos</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for apache2</summary>
<description>This update for apache2 fixes the following issues:
- CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071).
- CVE-2020-11984: Fixed an information disclosure bug in mod_proxy_uwsgi (bsc#1175074).
- CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070).
- Solve a crash in mod_proxy_uwsgi for empty values of environment variables. (bsc#1174052)
</description>
</patchinfo>