ALAS2-2018-1062


Amazon Linux 2 Security Advisory: ALAS-2018-1062
Advisory Release Date: 2018-08-21 23:38 Pacific
Severity: Medium
References: CVE-2018-8011 

Issue Overview:

By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33). (CVE-2018-8011 )


Affected Packages:

httpd


Issue Correction:
Run yum update httpd to update your system.

New Packages:
noarch:
    httpd-manual-2.4.34-1.amzn2.1.0.noarch
    httpd-filesystem-2.4.34-1.amzn2.1.0.noarch

src:
    httpd-2.4.34-1.amzn2.1.0.src

x86_64:
    httpd-2.4.34-1.amzn2.1.0.x86_64
    httpd-devel-2.4.34-1.amzn2.1.0.x86_64
    httpd-tools-2.4.34-1.amzn2.1.0.x86_64
    mod_ssl-2.4.34-1.amzn2.1.0.x86_64
    mod_md-2.4.34-1.amzn2.1.0.x86_64
    mod_proxy_html-2.4.34-1.amzn2.1.0.x86_64
    mod_ldap-2.4.34-1.amzn2.1.0.x86_64
    mod_session-2.4.34-1.amzn2.1.0.x86_64
    httpd-debuginfo-2.4.34-1.amzn2.1.0.x86_64