Chapter 4. Security Fixes
This update includes fixes for the following security-related issues:
| ID | Impact | Summary |
|---|---|---|
| | Moderate | libdb: Reads DB_CONFIG from the current working directory |
| | Low | httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values |
| | Low | httpd: bypass with a trailing newline in the file name |
| | Moderate | openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service |
| | Moderate | httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications |
| | Low | httpd: Out of bounds access after failure in reading the HTTP request |
| | Low | httpd: Use-after-free on HTTP/2 stream shutdown |
| | Moderate | httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS |
| | Low | httpd: Weak Digest auth nonce generation in mod_auth_digest |
| | Moderate | httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS |
| | Important | mod_jk: connector path traversal due to mishandled HTTP requests in httpd |
| | Moderate | httpd: DoS for HTTP/2 connections by continuous SETTINGS frames |
| | Moderate | nghttp2: Null pointer dereference when too large ALTSVC frame is received |