/[Apache-SVN]

Revision 1800774

Jump to revision:
Author:	jim
Date:	Tue Jul 4 12:34:15 2017 UTC (6 years, 9 months ago)
Changed paths:	14
Log Message:	SECURITY: CVE-2017-9789: Read after free in mod_http2. When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. Merge r1800689 from trunk: Disable and give warning when mpm_prefork is encountered. The server will continue to work, but HTTP/2 will no longer be negotiated. Submitted by: icing Reviewed by: icing, ylavic, jim

Changed paths

Path	Details
httpd/httpd/branches/2.4.x/	modified , props changed
httpd/httpd/branches/2.4.x/CHANGES	modified , text changed
httpd/httpd/branches/2.4.x/STATUS	modified , text changed
httpd/httpd/branches/2.4.x/modules/http2/	modified , props changed
httpd/httpd/branches/2.4.x/modules/http2/h2_conn.c	modified , text changed
httpd/httpd/branches/2.4.x/modules/http2/h2_conn.h	modified , text changed
httpd/httpd/branches/2.4.x/modules/http2/h2_mplx.c	modified , text changed
httpd/httpd/branches/2.4.x/modules/http2/h2_mplx.h	modified , text changed
httpd/httpd/branches/2.4.x/modules/http2/h2_session.c	modified , text changed
httpd/httpd/branches/2.4.x/modules/http2/h2_stream.c	modified , text changed
httpd/httpd/branches/2.4.x/modules/http2/h2_switch.c	modified , text changed
httpd/httpd/branches/2.4.x/modules/http2/h2_util.c	modified , text changed
httpd/httpd/branches/2.4.x/modules/http2/h2_workers.c	modified , text changed
httpd/httpd/branches/2.4.x/modules/http2/mod_http2.c	modified , text changed

infrastructure at apache.org	ViewVC Help
Powered by ViewVC 1.1.26