CVE-2020-11993

Priority
Description
Apache HTTP Server versions 2.4.20 to 2.4.43: when trace/debug was enabled
for the HTTP/2 module, and on certain traffic edge patterns, logging
statements were made on the wrong connection, causing concurrent use of
memory pools. Configuring the LogLevel of mod_http2 above "info" will
mitigate this vulnerability for unpatched servers.
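To audit an unpatched server for the condition described above, the following added example (not code from Apache or the Ubuntu tracker) scans configuration text for LogLevel directives that put mod_http2 at debug or any trace level. It assumes a plain line-by-line scan: Include files and context merging are not resolved, so each hit is a directive to review. The sample configuration is constructed.

```python
import re

# LogLevel values from least to most verbose.
LEVELS = ["emerg", "alert", "crit", "error", "warn", "notice", "info",
          "debug"] + [f"trace{i}" for i in range(1, 9)]
INFO = LEVELS.index("info")
# Module specifier forms LogLevel accepts for mod_http2.
HTTP2_NAMES = {"http2", "http2_module", "mod_http2.c"}
DIRECTIVE = re.compile(r"loglevel\s+(.+)$", re.IGNORECASE)


def risky_directives(config_text):
    """Return [(line_number, level)] for every LogLevel directive that would
    set mod_http2 to debug/trace: the condition the CVE description names."""
    hits = []
    for number, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        match = None if line.startswith("#") else DIRECTIVE.match(line)
        if not match:
            continue
        general = specific = None
        for token in match.group(1).split():
            module, sep, level = token.rpartition(":")
            level = level.lower()
            if level not in LEVELS:
                continue
            if not sep:
                general = level            # level for all modules
            elif module.lower() in HTTP2_NAMES:
                specific = level           # per-module override wins
        effective = specific or general
        if effective and LEVELS.index(effective) > INFO:
            hits.append((number, effective))
    return hits


# Constructed sample configuration, not taken from a real server.
SAMPLE = """\
# constructed sample
Protocols h2 http/1.1
LogLevel warn
<VirtualHost *:443>
    LogLevel info http2:trace2
</VirtualHost>
<VirtualHost *:8443>
    LogLevel debug mod_http2.c:info
</VirtualHost>
#LogLevel http2:debug
LogLevel notice http2_module:debug
"""
```
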
Assigned-to
mdeslaur
Notes
Package
Upstream: released (2.4.44)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): released (2.4.29-1ubuntu4.14)
Ubuntu 20.04 LTS (Focal Fossa): released (2.4.41-4ubuntu3.1)
Ubuntu 20.10 (Groovy Gorilla): released (2.4.46-1ubuntu1)
Patches:
Upstream: https://svn.apache.org/r1879642
Upstream: https://github.com/apache/httpd/commit/63a0a87efa0925514d15c211b508f6594669888c

Updated: 2020-09-10 06:35:48 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)