Chapter 3. Security Fixes
This update includes fixes for the following security related issues:
| ID | Impact | Summary |
|---|---|---|
| Low | openssl: timing side channel attack in the DSA signature algorithm | |
| Low | openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys | |
| Low | mod_http2: DoS via slow, unneeded request bodies | |
| Moderate | mod_session_cookie does not respect expiry time | |
| Low | httpd: mod_http2: read-after-free on a string compare | |
| Low | httpd: mod_http2: possible crash on late upgrade | |
| Moderate | httpd: mod_auth_digest: access control bypass due to race condition [jbcs-httpd-2.4.29] | |
| Important | large amount of data requests leads to denial of service | |
| Important | flood using PRIORITY frames results in excessive resource consumption | |
| Important | HTTP/2: 0-length headers lead to denial of service | |
| Important | HTTP/2: request for large response leads to denial of service |
