| Errata ID | 42 |
|---|---|
| Date | 2019-04-10 |
| Source package | apache2 |
| Fixed in version | 2.4.25-3+deb9u7A~4.4.0.201904051133 |
| Description | This update addresses the following issues: * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * Privilege escalation from modules scripts (CVE-2019-0211) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * URL normalization inconsistency (CVE-2019-0220) |
| Additional notes | |
| CVE ID | CVE-2018-17189 CVE-2018-17199 CVE-2019-0196 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220 |
| UCS Bug number | #49237 |
