Bug#847124: apache2: CVE-2016-8740: erver memory can be exhausted and service denied when HTTP/2 is used

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#847124: apache2: CVE-2016-8740: erver memory can be exhausted and service denied when HTTP/2 is used
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 05 Dec 2016 21:13:04 +0100
Message-id: <[🔎] 148096878459.26136.12716486006375905503.reportbug@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 847124@bugs.debian.org

Source: apache2
Version: 2.4.23-8
Severity: important
Tags: security upstream patch

Hi

CVE-2016-8740 was announced for apache, CVE-2016-8740, Server memory
can be exhausted and service denied when HTTP/2 is used.

Post to oss-security at:
http://www.openwall.com/lists/oss-security/2016/12/05/14

Patch: https://svn.apache.org/r1772576

Regards,
Salvatore

Reply to:

Follow-Ups:
- Bug#847124: apache2: CVE-2016-8740: erver memory can be exhausted and service denied when HTTP/2 is used
  - From: Stefan Fritsch <sf@sfritsch.de>
- Bug#847124: marked as done (apache2: CVE-2016-8740: erver memory can be exhausted and service denied when HTTP/2 is used)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#828236: openssl 1.1 and apache2
Next by Date: Processed: Bump default-mysql bugs to serious
Previous by thread: Bug#828236: openssl 1.1 and apache2
Next by thread: Bug#847124: apache2: CVE-2016-8740: erver memory can be exhausted and service denied when HTTP/2 is used
Index(es):
- Date
- Thread