Chapter 3. Security Fixes

This update includes fixes for the following security related issues:

IDImpactSummary

CVE-2019-1547

Moderate

openssl: side-channel weak encryption vulnerability

CVE-2019-1549

Low

openssl: information disclosure in fork()

CVE-2019-1563

Low

openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey

CVE-2019-10081

Moderate

httpd: memory corruption on early pushes

CVE-2019-10082

Moderate

httpd: read-after-free in h2 connection shutdown

CVE-2019-10092

Low

httpd: limited cross-site scripting in mod_proxy error page

CVE-2019-10097

Moderate

httpd: null-pointer dereference in mod_remoteip

CVE-2019-10098

Low

httpd: mod_rewrite potential open redirect

CVE-2020-1927

Moderate

httpd: mod_rewrite configurations vulnerable to open redirect