AVG-350

Package apache
Status Fixed
Severity Critical
Type multiple issues
Affected 2.4.26-3
Fixed 2.4.27-1
Current 2.4.33-3 [extra]
Ticket None
Created Fri Jul 14 18:54:38 2017
Issue Severity Remote Type Description
CVE-2017-9789 Critical Yes Arbitrary code execution
A security issue has been found in apache's mod_http2 <= 2.4.26. When under stress, closing many connections, the HTTP/2 handling code would sometimes...
CVE-2017-9788 High Yes Information disclosure
A security issue has been found in apache's mod_auth_digest <= 2.4.26, leading to information disclosure or denial of service. The value placeholder in...
Date Advisory Package Description
14 Jul 2017 ASA-201707-15 apache multiple issues
References
https://httpd.apache.org/security/vulnerabilities_24.html