Overview

File _patchinfo of Package patchinfo.10078

<patchinfo incident="10078">
  <issue tracker="bnc" id="1122838">VUL-1: CVE-2018-17189: apache2: mod_http2, DoS via slow, unneeded request bodies</issue>
  <issue tracker="bnc" id="1122839">VUL-1: CVE-2018-17199: apache2: mod_session_cookie does not respect expiry time</issue>
  <issue tracker="bnc" id="1121086">/usr/sbin/start_apache2 tries to force-create sysconfd.d dir (even already there)</issue>
  <issue tracker="cve" id="2018-17189"/>
  <issue tracker="cve" id="2018-17199"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>This update for apache2 fixes the following issues:

Security issues fixed:

- CVE-2018-17189: Fixed a denial of service in mod_http2, via slow and unneeded request bodies (bsc#1122838)
- CVE-2018-17199: Fixed that mod_session_cookie did not respect expiry time (bsc#1122839)

Non-security issue fixed:

- sysconfig.d is not created anymore if it already exists (bsc#1121086)
</description>
  <summary>Security update for apache2</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places