Bug 1073952 (CVE-2017-10869) - [server:http] h2o: multiple security issues
Summary: [server:http] h2o: multiple security issues
Status: RESOLVED FIXED
Alias: CVE-2017-10869
Product: openSUSE Distribution
Classification: openSUSE
Component: Other (show other bugs)
Version: Leap 42.3
Hardware: Other Other
: P5 - None : Normal (vote)
Target Milestone: ---
Assignee: Marcus Rückert
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/197162/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-12-22 07:13 UTC by Marcus Meissner
Modified: 2018-04-16 16:29 UTC (History)
0 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2017-12-22 07:13:30 UTC 
CVE-2017-10869 [h2o 2.2.x: stack overflow when sending huge request body to upstream]
CVE-2017-10868 [h2o 2.2.x: crash when receiving HTTP/1 request with invalid framing]
CVE-2017-10908 [h2o 2.2.x: crash when handling malformed HTTP/2 request]
CVE-2017-10872 [h2o: 2.2.x: crash when logging TLS 1.3 properties in h2o]

package is only in server:http as far as I see.
Comment 1 Marcus Rückert 2018-04-16 16:29:09 UTC 
updated to 2.2.4 by contributor.