Chapter 3. Security Fixes

This update includes fixes for the following security related issues:

Expand

ID	Impact	Summary
CVE-2018-20843	Moderate	expat: large number of colons in input makes parser consume high amount of resources, leading to DoS
CVE-2019-0196	Low	httpd: mod_http2: read-after-free on a string compare
CVE-2019-0197	Low	httpd: mod_http2: possible crash on late upgrade
CVE-2019-15903	Low	expat: heap-based buffer over-read via crafted XML input
CVE-2019-19956	Moderate	libxml2: There’s a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash
CVE-2019-20388	Moderate	libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c
CVE-2020-1934	Low	httpd: mod_proxy_ftp use of uninitialized value
CVE-2020-7595	Moderate	libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations
CVE-2020-11080	Important	nghttp2: overly large SETTINGS frames can lead to DoS