Amazon Linux 2 Security Advisory: ALAS-2018-1062
Advisory Release Date: 2018-08-21 17:16 Pacific
Advisory Updated Date: 2018-08-21 23:38 Pacific
Severity:
Medium
Issue Overview:
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33). (CVE-2018-8011)
Affected Packages:
httpd
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update httpd to update your system.
New Packages:
noarch:
httpd-manual-2.4.34-1.amzn2.1.0.noarch
httpd-filesystem-2.4.34-1.amzn2.1.0.noarch
src:
httpd-2.4.34-1.amzn2.1.0.src
x86_64:
httpd-2.4.34-1.amzn2.1.0.x86_64
httpd-devel-2.4.34-1.amzn2.1.0.x86_64
httpd-tools-2.4.34-1.amzn2.1.0.x86_64
mod_ssl-2.4.34-1.amzn2.1.0.x86_64
mod_md-2.4.34-1.amzn2.1.0.x86_64
mod_proxy_html-2.4.34-1.amzn2.1.0.x86_64
mod_ldap-2.4.34-1.amzn2.1.0.x86_64
mod_session-2.4.34-1.amzn2.1.0.x86_64
httpd-debuginfo-2.4.34-1.amzn2.1.0.x86_64