Repository 32bit  Forum
Repository 64bit  Wiki
Wed Jan 23 04:39:04 UTC 2019
patches/packages/httpd-2.4.38-x86_64-1_slack14.2.txz: Upgraded.
  This release contains security fixes and improvements.
  mod_session: mod_session_cookie does not respect expiry time allowing
  sessions to be reused. [Hank Ibell]
  mod_http2: fixes a DoS attack vector. By sending slow request bodies
  to resources not consuming them, httpd cleanup code occupies a server
  thread unnecessarily. This was changed to an immediate stream reset
  which discards all stream state and incoming data. [Stefan Eissing]
  mod_ssl: Fix infinite loop triggered by a client-initiated
  renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
  later. PR 63052. [Joe Orton]
  For more information, see:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190
  (* Security fix *)