-
Language:
English
-
Language:
English
Red Hat Training
A Red Hat training course is available for Red Hat JBoss Core Services
Chapter 4. Security Fixes
This update includes fixes for the following security related issues:
| ID | Impact | Summary |
|---|---|---|
| Moderate | libdb: Reads DB_CONFIG from the current working directory | |
| Low | httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values | |
| Low | httpd: bypass with a trailing newline in the file name | |
| Moderate | openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service | |
| Moderate | httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications | |
| Low | httpd: Out of bounds access after failure in reading the HTTP request | |
| Low | httpd: Use-after-free on HTTP/2 stream shutdown | |
| Moderate | httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS | |
| Low | httpd: Weak Digest auth nonce generation in mod_auth_digest | |
| Moderate | httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS | |
| Important | mod_jk: connector path traversal due to mishandled HTTP requests in httpd | |
| Moderate | httpd: DoS for HTTP/2 connections by continuous SETTINGS frames | |
| Moderate | nghttp2: Null pointer dereference when too large ALTSVC frame is received |
