Chapter 3. Security Fixes
This update includes fixes for the following security related issues:
ID | Impact | Summary |
---|---|---|
Moderate | expat: large number of colons in input makes parser consume high amount of resources, leading to DoS | |
Low | httpd: mod_http2: read-after-free on a string compare | |
Low | httpd: mod_http2: possible crash on late upgrade | |
Low | expat: heap-based buffer over-read via crafted XML input | |
Moderate | libxml2: There’s a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash | |
Moderate | libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c | |
Low | httpd: mod_proxy_ftp use of uninitialized value | |
Moderate | libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations | |
Important | nghttp2: overly large SETTINGS frames can lead to DoS |