Bug 1073952 (CVE-2017-10869)

Summary: [server:http] h2o: multiple security issues
Product: [openSUSE] openSUSE Distribution Reporter: Marcus Meissner <meissner>
Component: OtherAssignee: Marcus Rückert <mrueckert>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None    
Version: Leap 42.3   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/197162/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2017-12-22 07:13:30 UTC
CVE-2017-10869 [h2o 2.2.x: stack overflow when sending huge request body to upstream]
CVE-2017-10868 [h2o 2.2.x: crash when receiving HTTP/1 request with invalid framing]
CVE-2017-10908 [h2o 2.2.x: crash when handling malformed HTTP/2 request]
CVE-2017-10872 [h2o: 2.2.x: crash when logging TLS 1.3 properties in h2o]

package is only in server:http as far as I see.
Comment 1 Marcus Rückert 2018-04-16 16:29:09 UTC
updated to 2.2.4 by contributor.