It was found in httpd that mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. References: https://lists.apache.org/thread.html/84bf7fcc5cad35d355f11839cbdd13cbc5ffc1d34675090bff0f96ae@%3Cdev.httpd.apache.org%3E External References: https://httpd.apache.org/security/vulnerabilities_24.html https://httpd.apache.org/security/vulnerabilities_22.html
Created httpd tracking bugs for this issue: Affects: fedora-all [bug 1463208]
Upstream commit: 2.4: https://github.com/apache/httpd/commit/54e0c857b1b019c147b778c09d5e72d99183ff61 2.2: https://github.com/apache/httpd/commit/3fdeae4ddcaae251ae99bdd4421ab14aac53a502
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2017:2478 https://access.redhat.com/errata/RHSA-2017:2478
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:2479 https://access.redhat.com/errata/RHSA-2017:2479
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Via RHSA-2017:2483 https://access.redhat.com/errata/RHSA-2017:2483
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Extended Update Support Via RHSA-2017:3193 https://access.redhat.com/errata/RHSA-2017:3193
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.7 Extended Update Support Via RHSA-2017:3195 https://access.redhat.com/errata/RHSA-2017:3195
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Extended Update Support Via RHSA-2017:3194 https://access.redhat.com/errata/RHSA-2017:3194
This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2017:3475 https://access.redhat.com/errata/RHSA-2017:3475
This issue has been addressed in the following products: JBoss Core Services on RHEL 7 Via RHSA-2017:3476 https://access.redhat.com/errata/RHSA-2017:3476
This issue has been addressed in the following products: JBoss Core Services on RHEL 6 Via RHSA-2017:3477 https://access.redhat.com/errata/RHSA-2017:3477