Chapter 3. Security Fixes
This update includes fixes for the following security related issues:
| ID | Impact | Summary |
|---|---|---|
| Moderate | expat: large number of colons in input makes parser consume high amount of resources, leading to DoS | |
| Low | httpd: mod_http2: read-after-free on a string compare | |
| Low | httpd: mod_http2: possible crash on late upgrade | |
| Low | expat: heap-based buffer over-read via crafted XML input | |
| Moderate | libxml2: There’s a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash | |
| Moderate | libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c | |
| Low | httpd: mod_proxy_ftp use of uninitialized value | |
| Moderate | libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations | |
| Important | nghttp2: overly large SETTINGS frames can lead to DoS |
