Chapter 3. Security Fixes
This update includes fixes for the following security-related issues:
| ID | Impact | Summary |
|---|---|---|
| | Low | openssl: timing side channel attack in the DSA signature algorithm |
| | Low | openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys |
| | Low | mod_http2: DoS via slow, unneeded request bodies |
| | Moderate | mod_session_cookie does not respect expiry time |
| | Low | httpd: mod_http2: read-after-free on a string compare |
| | Low | httpd: mod_http2: possible crash on late upgrade |
| | Moderate | httpd: mod_auth_digest: access control bypass due to race condition [jbcs-httpd-2.4.29] |
| | Important | large amount of data requests leads to denial of service |
| | Important | flood using PRIORITY frames results in excessive resource consumption |
| | Important | HTTP/2: 0-length headers lead to denial of service |
| | Important | HTTP/2: request for large response leads to denial of service |