SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionThe Apache httpd reports :
Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig enabled (CVE-2017-15710)
mod_session: CGI-like applications that intend to read from mod_session's 'SessionEnv ON' could be fooled into reading user-supplied data instead. (CVE-2018-1283)
mod_cache_socache: Fix request headers parsing to avoid a possible crash with specially crafted input data. (CVE-2018-1303)
core: Possible crash with excessively long HTTP request headers.
Impractical to exploit with a production build and production LogLevel. (CVE-2018-1301)
core: Configure the regular expression engine to match '$' to the end of the input string only, excluding matching the end of any embedded newline characters. Behavior can be changed with new directive 'RegexDefaultOptions'. (CVE-2017-15715)
mod_auth_digest: Fix generation of nonce values to prevent replay attacks across servers using a common Digest domain. This change may cause problems if used with round robin load balancers.
mod_http2: Potential crash w/ mod_http2. (CVE-2018-1302)
SolutionUpdate the affected packages.