apache2: Multiple vulnerabilities (CVE-2016-0736, CVE-2016-2161, CVE-2016-8740, CVE-2016-8743)
CVE-2016-0736: Padding Oracle in Apache mod_session_crypto
Affects: 2.4.1 to 2.4.23
Fixed in: 2.4.25
References:
https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25
CVE-2016-2161: DoS vulnerability in mod_auth_digest
Malicious input to mod_auth_digest will cause the server to crash, and each instance continues to crash even for subsequently valid requests.
Affects: 2.4.1 to 2.4.23
Fixed in: 2.4.25
References:
https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25
CVE-2016-8740: HTTP/2 CONTINUATION denial of service
Affects: 2.4.17, 2.4.18, 2.4.20, 2.4.23
Fixed in: 2.4.25
References:
https://httpd.apache.org/security/vulnerabilities_24.html
http://seclists.org/bugtraq/2016/Dec/3
CVE-2016-8743: Apache HTTP Request Parsing Whitespace Defects
Affects: 2.2.0 to 2.4.23
Fixed in: 2.4.25
References:
https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25
(from redmine: issue id 6938, created on 2017-02-27, closed on 2017-03-07)
- Relations:
- child #6939 (closed)
- child #6940 (closed)
- child #6941 (closed)
- child #6942 (closed)