Security issue in Apache 2.4.27 ("optionsbleed")

Hello,

a security issue has been found in Apache 2.4.27, which is at the moment scheduled for the "next" branch in IPFire.

It is a memory leak (called "optionsbleed"), more details are available here: * https://nvd.nist.gov/vuln/detail/CVE-2017-9798 * https://heise.de/-3835313 (german only)

A patch has been published on Apache's SVN repository (but I am not sure how to add it to the LFS build file :-) ): https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=18...

Although IPFire is not vulnerable as far as I know, it might be good to deploy this. Affects the 2.2.x series, too.

Just in case anyone is interested.

Best regards, Peter Müller