Candidate: CVE-2017-9789
PublicDate: 2017-07-13 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9789
 https://httpd.apache.org/security/vulnerabilities_24.html
 https://lists.apache.org/thread.html/9d0098775bd83cf7c33ac5a077ef412c14ce939198921e639c734e20@%3Cannounce.httpd.apache.org%3E
Description:
 When under stress, closing many connections, the HTTP/2 handling code in
 Apache httpd 2.4.26 would sometimes access memory after it has been freed,
 resulting in potentially erratic behaviour.
Ubuntu-Description:
Notes:
 sbeattie> HTTP/2 support has not been enabled in Ubuntu builds of apache
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_apache2:
upstream_apache2: released (2.4.27)
precise/esm_apache2: not-affected (HTTP/2 disabled)
trusty_apache2: not-affected (HTTP/2 disabled)
trusty/esm_apache2: not-affected (HTTP/2 disabled)
vivid/ubuntu-core_apache2: DNE
xenial_apache2: not-affected (HTTP/2 disabled)
esm-infra/xenial_apache2: not-affected (HTTP/2 disabled)
yakkety_apache2: not-affected (HTTP/2 disabled)
zesty_apache2: not-affected (HTTP/2 disabled)
devel_apache2: released (2.4.27-2ubuntu2)