SUSE-SU-2017:2756-1

This update for apache2 fixes several issues.

These security issues were fixed:

• CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS (bsc#1058058)
• CVE-2017-9788: Uninitialized memory reflection in modauthdigest could have lead to leakage of potentially confidential information, and a segfault in other cases resulting in DoS (bsc#1048576).
• CVE-2017-7679: mod_mime could have read one byte past the end of a buffer when sending a malicious Content-Type response header (bsc#1045060).
• CVE-2017-3169: modssl may dereferenced a NULL pointer when third-party modules call aphookprocessconnection() during an HTTP request to an HTTPS port allowing for DoS (bsc#1045062).
• CVE-2017-3167: Use of the apgetbasicauthpw() by third-party modules outside of the authentication phase may have lead to authentication requirements being bypassed (bsc#1045065).

These non-security issues were fixed:

• remove /usr/bin/http2 symlink only during apache2 package uninstall, not upgrade (bsc#1041830)
• gensslcert: use hostname when fqdn is too long (bsc#1035829)
• add NotifyAccess=all to service file (bsc#980663)