OpenBSD / ports / ptpamFT / patch apache httpd CVE-2017-9798, backported from upstream's branches/2.4.x

OpenBSD/ports ptpamFT — www/apache-httpd Makefile, www/apache-httpd/patches patch-server_core_c

2017-09-18 19:27:17 UTC by sthen on ⎇

OPENBSD_6_1

   patch apache httpd CVE-2017-9798, backported from upstream's branches/2.4.x

   This is a use after free error that causes a corrupted Allow header to
   be constructed in response to HTTP OPTIONS requests. It can leak pieces
   of arbitrary memory from the server process that may contain secrets.
   The memory pieces change after multiple requests, so for a vulnerable
   host an arbitrary number of memory chunks can be leaked.

   The bug appears if a webmaster tries to use the "Limit" directive with
   an invalid HTTP method.

Version	Delta		File
1.81.2.2	+2	-1	www/apache-httpd/Makefile
1.1.2.1	+1	-1	www/apache-httpd/patches/patch-server_core_c
	+3	-2	2 files

Unified Split Raw