Bug#920302: apache2: CVE-2018-17189: mod_http2, DoS via slow, unneeded request bodies

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#920302: apache2: CVE-2018-17189: mod_http2, DoS via slow, unneeded request bodies
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 23 Jan 2019 21:31:36 +0100
Message-id: <[🔎] 154827549659.24550.10437575673289083147.reportbug@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 920302@bugs.debian.org

Source: apache2
Version: 2.4.37-1
Severity: important
Tags: security upstream fixed-upstream
Control: found -1 2.4.25-3+deb9u6
Control: found -1 2.4.25-3

Hi,

The following vulnerability was published for apache2.

CVE-2018-17189[0]:
mod_http2, DoS via slow, unneeded request bodies

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-17189
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189
[1] https://www.openwall.com/lists/oss-security/2019/01/22/2

Regards,
Salvatore

Reply to:

Follow-Ups:
- Processed: apache2: CVE-2018-17189: mod_http2, DoS via slow, unneeded request bodies
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#920302: marked as done (apache2: CVE-2018-17189: mod_http2, DoS via slow, unneeded request bodies)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Processed: Re: Bug#920220: apache2: CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1
Next by Date: Processed: apache2: CVE-2018-17189: mod_http2, DoS via slow, unneeded request bodies
Previous by thread: Processed: Re: Bug#920235: Reading from /dev/urandom hangs from an Apache2 cgi-bin, but not from the shell
Next by thread: Processed: apache2: CVE-2018-17189: mod_http2, DoS via slow, unneeded request bodies
Index(es):
- Date
- Thread