Log Message: |
SECURITY: CVE-2017-9789: Read after free in mod_http2.
When under stress, closing many connections, the HTTP/2
handling code would sometimes access memory after it has
been freed, resulting in potentially erratic behaviour.
Merge r1800689 from trunk:
Disable and give warning when mpm_prefork is encountered.
The server will continue to work, but HTTP/2 will no longer be negotiated.
Submitted by: icing
Reviewed by: icing, ylavic, jim
|