Описание
Security update for apache2
Apache was updated to fix one security vulnerability and two bugs.
Following security issue was fixed.
- Fix the chunked transfer coding implementation in the Apache (bsc#938728, CVE-2015-3183)
Bugs fixed:
- add SSLSessionTickets directive (bsc#941676)
- hardcode modules %files (bsc#444878)
- only enable the port 443 for TCP protocol, not UDP. (bsc#931002)
Список пакетов
SUSE Linux Enterprise Server 11 SP3
apache2-2.2.12-59.1
apache2-doc-2.2.12-59.1
apache2-example-pages-2.2.12-59.1
apache2-prefork-2.2.12-59.1
apache2-utils-2.2.12-59.1
apache2-worker-2.2.12-59.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
apache2-2.2.12-59.1
apache2-doc-2.2.12-59.1
apache2-example-pages-2.2.12-59.1
apache2-prefork-2.2.12-59.1
apache2-utils-2.2.12-59.1
apache2-worker-2.2.12-59.1
SUSE Linux Enterprise Server 11 SP4
apache2-2.2.12-59.1
apache2-doc-2.2.12-59.1
apache2-example-pages-2.2.12-59.1
apache2-prefork-2.2.12-59.1
apache2-utils-2.2.12-59.1
apache2-worker-2.2.12-59.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
apache2-2.2.12-59.1
apache2-doc-2.2.12-59.1
apache2-example-pages-2.2.12-59.1
apache2-prefork-2.2.12-59.1
apache2-utils-2.2.12-59.1
apache2-worker-2.2.12-59.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
apache2-2.2.12-59.1
apache2-doc-2.2.12-59.1
apache2-example-pages-2.2.12-59.1
apache2-prefork-2.2.12-59.1
apache2-utils-2.2.12-59.1
apache2-worker-2.2.12-59.1
SUSE Linux Enterprise Software Development Kit 11 SP3
apache2-2.2.12-59.1
apache2-devel-2.2.12-59.1
apache2-doc-2.2.12-59.1
apache2-example-pages-2.2.12-59.1
apache2-prefork-2.2.12-59.1
apache2-utils-2.2.12-59.1
apache2-worker-2.2.12-59.1
SUSE Linux Enterprise Software Development Kit 11 SP4
apache2-2.2.12-59.1
apache2-devel-2.2.12-59.1
apache2-doc-2.2.12-59.1
apache2-example-pages-2.2.12-59.1
apache2-prefork-2.2.12-59.1
apache2-utils-2.2.12-59.1
apache2-worker-2.2.12-59.1
Ссылки
- Link for SUSE-SU-2015:1885-1
- E-Mail link for SUSE-SU-2015:1885-1
- SUSE Security Ratings
- SUSE Bug 444878
- SUSE Bug 931002
- SUSE Bug 938728
- SUSE Bug 941676
- SUSE CVE CVE-2015-3183 page
Описание
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.12-59.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.12-59.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.12-59.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.12-59.1
Ссылки
- CVE-2015-3183
- SUSE Bug 938728
- SUSE Bug 948325
- SUSE Bug 949218