SB2017071006 - Use-after-free error in apache2 (Alpine package)
Published: July 10, 2017
Security Bulletin ID: SB2017071006
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free error (CVE-ID: CVE-2017-9789)
The vulnerability allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition on the targeted system.
The weakness exists due to a use-after-free condition in the mod_http2 module. A remote attacker can trigger memory corruption and cause the server to crash.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=33c9b879e1ac2712ea308a9c9e642d83b54d690d
- https://git.alpinelinux.org/aports/commit/?id=6b9a79f0701cb33053c40b36978e1774a9e90d8e
- https://git.alpinelinux.org/aports/commit/?id=833fa41a4d6d73d87df385db7cb1effb9cadada5
- https://git.alpinelinux.org/aports/commit/?id=c21717b071b1dcd50c33619ba3785fd9dfbb3640
- https://git.alpinelinux.org/aports/commit/?id=c44d3bbc2aeb49f7b8d0b68adaaadeef824b4029