Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update
🔗 CVE IDs covered (31)
📋 Description
CVE-2016-0718 — expat: Out-of-bounds heap read on crafted input causing crash CVE-2016-4975 — httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir CVE-2016-5131 — libxml2: Use after free triggered by XPointer paths beginning with range-to CVE-2016-7167 — curl: escape and unescape integer overflows CVE-2016-8615 — curl: Cookie injection for other servers CVE-2016-8616 — curl: Case insensitive password comparison CVE-2016-8617 — curl: Out-of-bounds write via unchecked multiplication CVE-2016-8618 — curl: Double-free in curl_maprintf CVE-2016-8619 — curl: Double-free in krb5 code CVE-2016-8621 — curl: curl_getdate out-of-bounds read CVE-2016-8622 — curl: URL unescape heap overflow via integer truncation CVE-2016-8623 — curl: Use-after-free via shared cookies CVE-2016-8624 — curl: Invalid URL parsing with '#' CVE-2016-8625 — curl: IDNA 2003 makes curl use wrong host CVE-2016-9318 — libxml2: XML External Entity vulnerability CVE-2016-9596 — libxml2: stack exhaustion while parsing xml files in recovery mode (unfixed CVE-2016-3627 in JBCS) CVE-2016-9597 — libxml2: stack overflow before detecting invalid XML file (unfixed CVE-2016-3705 in JBCS) CVE-2016-9598 — libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) CVE-2017-6004 — pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3) CVE-2017-7186 — pcre: Invalid Unicode property lookup (8.41/7, 10.24/2) CVE-2017-7244 — pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c) CVE-2017-7245 — pcre: stack-based buffer overflow write in pcre32_copy_substring CVE-2017-7246 — pcre: stack-based buffer overflow write in pcre32_copy_substring CVE-2017-9047 — libxml2: Buffer overflow in function xmlSnprintfElementContent CVE-2017-9048 — libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent CVE-2017-9049 — libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey CVE-2017-9050 — libxml2: Heap-based buffer over-read in function xmlDictAddString CVE-2017-18258 — libxml2: Unrestricted memory usage in xz_head() function in xzlib.c CVE-2017-1000254 — curl: FTP PWD response parser out of bounds read CVE-2017-1000257 — curl: IMAP FETCH response out of bounds read CVE-2018-0500 — curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP
🔗 References (25)
- selfhttps://access.redhat.com/errata/RHSA-2018:2486
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/html-single/red_hat_jboss_core_services_apache_http_server_2.4.29_release_notes/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1296102
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1375906
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1388370
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1388371
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1388377
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1388378
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1388379
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1388385
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1388386
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1388388
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1388390
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1388392
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1408306
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1425365
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1434504
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1437364
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1437367
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1437369
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1495541
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1503705
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1597101
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2486.json