mirror of
git://slackware.nl/current.git
synced 2024-12-29 10:25:00 +01:00
1e2fa38645
patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
HTTP/2 DoS by memory exhaustion on endless continuation frames.
HTTP Response Splitting in multiple modules.
HTTP response splitting.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.59
https://www.cve.org/CVERecord?id=CVE-2024-27316
https://www.cve.org/CVERecord?id=CVE-2024-24795
https://www.cve.org/CVERecord?id=CVE-2023-38709
(* Security fix *)
patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION
frames even after a stream is reset to keep HPACK context in sync. This
causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates
this vulnerability by limiting the number of CONTINUATION frames it can
accept after a HEADERS frame.
For more information, see:
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
https://www.kb.cert.org/vuls/id/421644
https://www.cve.org/CVERecord?id=CVE-2024-28182
(* Security fix *)
11 lines
513 B
Text
11 lines
513 B
Text
httpd: httpd (The Apache HTTP Server)
|
|
httpd:
|
|
httpd: Apache is an HTTP server designed as a plug-in replacement for the
|
|
httpd: NCSA HTTP server. It fixes numerous bugs in the NCSA server and
|
|
httpd: includes many frequently requested new features, and has an API which
|
|
httpd: allows it to be extended to meet users' needs more easily.
|
|
httpd:
|
|
httpd: Apache is the most popular web server in the known universe; over
|
|
httpd: half of the servers on the Internet are running Apache or one of
|
|
httpd: its variants.
|
|
httpd:
|