SUSE-SU-2018:0261-1

Advisory lineage Upstream: 2 Downstream: 0
Published: 29 Jan 2018, 10:41
Last modified:04 Feb 2026, 03:35

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

29 Jan 2018, 10:41
Published
Vulnerability first disclosed
04 Feb 2026, 03:35
Last Modified
Vulnerability information updated

Description

Recommended update for apache2 This update for apache2 fixes several issues. These security issues were fixed: - CVE-2017-9789: When under stress (closing many connections) the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour (bsc#1048575). - CVE-2017-7659: A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process (bsc#1045160). These non-security issues were fixed: - Use the full path to a2enmod and a2dismod in the apache-22-24-upgrade script (bsc#1042037) - Fall back to 'localhost' as hostname in gensslcert (bsc#1057406)

Affected Systems

  • suseapache2&distro=SUSE Linux Enterprise Server 12 SP2

    < 2.4.23-29.13.1

  • suseapache2&distro=SUSE Linux Enterprise Server 12 SP3

    < 2.4.23-29.13.1

  • suseapache2&distro=SUSE Linux Enterprise Server for Raspberry Pi 12 SP2

    < 2.4.23-29.13.1

  • suseapache2&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2

    < 2.4.23-29.13.1

  • suseapache2&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3

    < 2.4.23-29.13.1

  • suseapache2&distro=SUSE Linux Enterprise Software Development Kit 12 SP2

    < 2.4.23-29.13.1

  • suseapache2&distro=SUSE Linux Enterprise Software Development Kit 12 SP3

    < 2.4.23-29.13.1

References (7)