Changes between Initial Version and Version 1 of Ticket #8658


Timestamp:
12/22/2016 02:07:36 PM (7 years ago)
Author:
Douglas R. Reno
  • Ticket #8658

    • Property Priority changed from normal to high
    • Property Summary changed from Apache httpd-2.4.25 to Apache httpd-2.4.25 (CVE-2016-0736 CVE-2016-2161 CVE-2016-5387 CVE-2016-8740 CVE-2016-8743)
  • Ticket #8658 – Description

    initial v1  
    11In dist directory, but not announced yet. The maintainer should be back tomorrow (https://lists.apache.org/list.html?dev@httpd.apache.org:2016-12)
     2
     3
     4{{{
     5    CVE-2016-0736 mod_session_crypto: Authenticate the session data/cookie with a MAC (SipHash) to prevent deciphering or tampering with a padding oracle attack.
     6    CVE-2016-2161 mod_auth_digest: Prevent segfaults during client entry allocation when the shared memory space is exhausted.
     7    CVE-2016-5387 core: Mitigate [f]cgi "httpoxy" issues.
     8    CVE-2016-8740 mod_http2: Mitigate DoS memory exhaustion via endless CONTINUATION frames.
     9    CVE-2016-8743 Enforce HTTP request grammar corresponding to RFC7230 for request lines and request headers, to prevent response splitting and cache pollution by malicious clients or downstream proxies.
     10
     11}}}