| Revision Date: | 2018-03-26 | Version: | 1 | | Title: | CVE-2018-1302 on Ubuntu 16.04 LTS (xenial) - low. | | Description: | When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2018-1302
| | Platform(s): | Ubuntu 16.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 16.04 LTS (xenial) is installed. AND Package Information
NOT apache2 package in xenial, while related to the CVE in some way, is not affected (note: 'code not built').
OR NOT apache2-bin package in xenial, while related to the CVE in some way, is not affected (note: 'code not built').
OR NOT apache2-data package in xenial, while related to the CVE in some way, is not affected (note: 'code not built').
OR NOT apache2-suexec-custom package in xenial, while related to the CVE in some way, is not affected (note: 'code not built').
OR NOT apache2-suexec-pristine package in xenial, while related to the CVE in some way, is not affected (note: 'code not built').
OR NOT apache2-utils package in xenial, while related to the CVE in some way, is not affected (note: 'code not built').
|
|