@nagetsum
Created September 4, 2020 06:09
From: Red Hat Errata Notifications <errata@redhat.com>
Subject: [Security Advisory] RHSA-2019:0366 Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1 security update
The following Red Hat Security Advisory has been published which may affect subscriptions which you have purchased.
RHSA-2019:0366 Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1 security update
Summary:
Red Hat JBoss Core Services Pack Apache Server 2.4.29 Service Pack 1 packages for Microsoft Windows and Oracle Solaris are now available.
Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This release adds the new Apache HTTP Server 2.4.29 Service Pack 1 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release.
Security Fix(es):
* db4: libdb: Reads DB_CONFIG from the current working directory (CVE-2017-10140)
* httpd: DoS for HTTP/2 connections by continuous SETTINGS (CVE-2018-11763)
* httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)
* httpd: Out of bound access after failure in reading the HTTP request (CVE-2018-1301)
* httpd: Use-after-free on HTTP/2 stream shutdown (CVE-2018-1302)
* httpd: bypass with a trailing newline in the file name (CVE-2017-15715)
* httpd: Out of bound write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710)
* httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause a denial of service (CVE-2018-1303)
* httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications (CVE-2018-1283)
* httpd: mod_http2: too much time allocated to workers, possibly leading to DoS (CVE-2018-1333)
* mod_jk: connector path traversal due to mishandled HTTP requests in httpd (CVE-2018-11759)
* nghttp2: Null pointer dereference when too large ALTSVC frame is received (CVE-2018-1000168)
* openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739)
Details around each issue, including information about the CVE, severity of the issue, and the CVSS score can be found on the CVE page listed in the References section below.
The CVE-2018-1000168 issue was discovered by The Nghttp2 Project.
Full details and references:
https://access.redhat.com/errata/RHSA-2019:0366?sc_cid=701600000006NHXAA2
CVE Names:
CVE-2017-10140 CVE-2017-15710 CVE-2017-15715 CVE-2018-0739 CVE-2018-1283 CVE-2018-1301 CVE-2018-1302 CVE-2018-1303 CVE-2018-1312 CVE-2018-1333 CVE-2018-11759 CVE-2018-11763 CVE-2018-1000168
Revision History:
Issue Date: 2019-02-18
Updated: 2019-02-18
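Errata mails like the one above are usually ingested by a ticketing or vulnerability-management pipeline rather than read by hand. The parser below is an added example (not Red Hat's code and not part of the gist) that pulls each "Security Fix(es)" bullet into a component/description/CVE record, reads the "CVE Names" line, and cross-checks the two so that a CVE present in one list but not the other is flagged for manual review. The embedded sample text is a constructed excerpt of this advisory; the "CVE Names" line in the sample deliberately contains one extra identifier so the cross-check has something to report.

```python
import re

# Constructed excerpt of the advisory above, used as sample input for this parser.
# The CVE Names line intentionally lists one CVE (CVE-2018-0739) that has no fix
# bullet in this excerpt, so the consistency check below reports it.
ADVISORY = """Security Fix(es):
* db4: libdb: Reads DB_CONFIG from the current working directory (CVE-2017-10140)
* httpd: DoS for HTTP/2 connections by continuous SETTINGS (CVE-2018-11763)
* httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)
* nghttp2: Null pointer dereference when too large ALTSVC frame is received (CVE-2018-1000168)
Details around each issue can be found on the CVE page listed in the References section below.
CVE Names:
CVE-2017-10140 CVE-2018-11763 CVE-2018-1312 CVE-2018-1000168 CVE-2018-0739
Revision History:
Issue Date: 2019-02-18
"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
# One fix bullet: "* component: free-text description (CVE-YYYY-NNNN)"
FIX_RE = re.compile(
    r"^\*\s*(?P<component>[^:]+):\s*(?P<desc>.*?)\s*\((?P<cve>CVE-\d{4}-\d{4,})\)\s*$"
)


def parse_fixes(text):
    """Return one dict per bullet under 'Security Fix(es):' (component, description, cve)."""
    fixes = []
    in_section = False
    for line in text.splitlines():
        if line.strip() == "Security Fix(es):":
            in_section = True
            continue
        if in_section:
            m = FIX_RE.match(line.strip())
            if not m:
                break  # first line that is not a fix bullet ends the section
            fixes.append(
                {
                    "component": m["component"].strip(),
                    "description": m["desc"].strip(),
                    "cve": m["cve"],
                }
            )
    return fixes


def parse_cve_names(text):
    """Return the CVE identifiers on the line that follows 'CVE Names:'."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.strip() == "CVE Names:" and i + 1 < len(lines):
            return CVE_RE.findall(lines[i + 1])
    return []


def by_component(fixes):
    """Group CVE identifiers by affected component, e.g. {'httpd': [...], 'db4': [...]}."""
    grouped = {}
    for f in fixes:
        grouped.setdefault(f["component"], []).append(f["cve"])
    return grouped


def cross_check(text):
    """Compare the fix bullets with the CVE Names line and report any mismatch.

    missing_from_names: CVEs that have a fix bullet but are absent from 'CVE Names'
    unexplained_in_names: CVEs in 'CVE Names' that have no fix bullet
    Either list being non-empty means the mail should be triaged by hand.
    """
    fixes = parse_fixes(text)
    listed = set(parse_cve_names(text))
    described = {f["cve"] for f in fixes}
    return {
        "missing_from_names": sorted(described - listed),
        "unexplained_in_names": sorted(listed - described),
    }


if __name__ == "__main__":
    for component, cves in by_component(parse_fixes(ADVISORY)).items():
        print(f"{component}: {', '.join(cves)}")
    print(cross_check(ADVISORY))
```

The section is terminated by the first non-bullet line rather than by a fixed bullet count, so the same parser works for advisories with a different number of fixes; the cross-check is the part worth wiring into an alerting rule, since a CVE that is named but never described (or the reverse) is usually a sign of a truncated or mangled notification.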
----------------------------------------------------------------------------------------------
Manage Errata Notifications
----------------------------------------------------------------------------------------------
You are receiving this email because you have elected to receive errata notifications from Red Hat. This message is being sent to:
Red Hat login: xxxx
Email address on file: <xxxx>
Update your preferences at https://www.redhat.com/wapps/ugc/protected/notif.html
----------------------------------------------------------------------------------------------
Contact
----------------------------------------------------------------------------------------------
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
This is an automated message. Please do not reply. If you have further questions or concerns,
please contact Red Hat Technical Support https://access.redhat.com/support/contact/technicalSupport/
or open a support case via the Red Hat Customer Portal https://access.redhat.com/support/cases/#/case/new/
Copyright 2019 Red Hat, Inc.