[Bug 1840188] Re: Apply fix for CVE-2019-0197 in v2.4.29 in Bionic and Disco

Thu, 29 Aug 2019 14:01:37 -0700 

This bug was fixed in the package apache2 - 2.4.38-2ubuntu2.2

---------------
apache2 (2.4.38-2ubuntu2.2) disco-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 internal data buffering denial of service.
    - d/p/mod_http2-1.15.4-backport-0004-CVE-2019-9517.patch: improve
      http/2 module keepalive throttling.
    - CVE-2019-9517
  * SECURITY UPDATE: Upgrade request from http/1.1 to http/2 crash
    denial of service (LP: #1840188)
    - 
d/p/mod_http2-1.14.1-backport-0001-Merge-r1852038-r1852101-from-trunk-CVE-2019-0197.patch:
      re-use slave connections and fix slave connection keepalives
      counter.
    - CVE-2019-0197
  * SECURITY UPDATE: mod_http2 memory corruption on early pushes
    - included in mod_http2 1.15.4 backport
    - CVE-2019-10081
  * SECURITY UPDATE: read-after-free in mod_http2 h2 connection
    shutdown.
    - included in mod_http2 1.15.4 backport
    - CVE-2019-10082
  * SECURITY UPDATE: mod_remoteip: Stack buffer overflow and NULL
    pointer dereference.
    - d/p/CVE-2019-10097.patch: add better sanity checks.
    - CVE-2019-10097
  * SECURITY UPDATE: Limited cross-site scripting in mod_proxy
    error page.
    - d/p/CVE-2019-10092-1.patch: Remove request details from built-in
      error documents.
    - d/p/CVE-2019-10092-2.patch: Add missing log numbers.
    - d/p/CVE-2019-10092-3.patch: mod_proxy: Improve XSRF/XSS
      protection.
    - CVE-2019-10092-1
  * SECURITY UPDATE: mod_rewrite potential open redirect
    - d/p/CVE-2019-10098.patch: Set PCRE_DOTALL by default.
    - CVE-2019-10098
  * Backport mod_http2 v1.14.1 and v1.15.4 for CVE-2019-9517,
    CVE-2019-10081, and CVE-2019-10082 fixes:
    - add d/p/mod_http2-1.14.1-backport-*.patches and
      d/p/mod_http2-1.15.4-backport-*.patches

 -- Steve Beattie <[email protected]>  Mon, 26 Aug 2019 06:31:40 -0700

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1840188

Title:
  Apply fix for CVE-2019-0197 in v2.4.29 in Bionic and Disco

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1840188/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to