Bug 1073952 - (CVE-2017-10869) [server:http] h2o: multiple security issues
(CVE-2017-10869)
[server:http] h2o: multiple security issues
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Other
Leap 42.3
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: Marcus Rückert
Security Team bot
https://smash.suse.de/issue/197162/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-12-22 07:13 UTC by Marcus Meissner
Modified: 2018-04-16 16:29 UTC (History)
0 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2017-12-22 07:13:30 UTC
CVE-2017-10869 [h2o 2.2.x: stack overflow when sending huge request body to upstream]
CVE-2017-10868 [h2o 2.2.x: crash when receiving HTTP/1 request with invalid framing]
CVE-2017-10908 [h2o 2.2.x: crash when handling malformed HTTP/2 request]
CVE-2017-10872 [h2o: 2.2.x: crash when logging TLS 1.3 properties in h2o]

package is only in server:http as far as I see.
Comment 1 Marcus Rückert 2018-04-16 16:29:09 UTC
updated to 2.2.4 by contributor.