Bug#920220: apache2: CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#920220: apache2: CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 22 Jan 2019 21:18:38 +0100
Message-id: <[🔎] 154818831845.19252.4400934716675438065.reportbug@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 920220@bugs.debian.org

Source: apache2
Version: 2.4.37-1
Severity: grave
Tags: patch security upstream

Hi (Stefan),

I agree the severity is not the best choosen one for this issue, it is
more to ensure we could release buster with an appropriate fix already
before the release. If you disagree, please do downgrade.

The following vulnerability was published for apache2.

CVE-2019-0190[0]:
mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-0190
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190
[1] https://marc.info/?l=oss-security&m=154817901921421&w=2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply to:

Follow-Ups:
- Bug#920220: apache2: CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1
  - From: Xavier <yadd@debian.org>
- Processed: Re: Bug#920220: apache2: CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#920220: marked as done (apache2: CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Bug#920203: apache2 needs to be upgrade to 2.4.26+ to better interoperability with php-fpm
Next by Date: Bug#920235: Reading from /dev/urandom hangs from an Apache2 cgi-bin, but not from the shell
Previous by thread: Bug#920203: apache2 needs to be upgrade to 2.4.26+ to better interoperability with php-fpm
Next by thread: Bug#920220: apache2: CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1
Index(es):
- Date
- Thread