Description
Security update for apache2
This update for apache2 fixes the following issues:
Security issues fixed:
- CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS (bsc#1016714).
- CVE-2016-8743: Added new directive 'HttpProtocolOptions Strict' to avoid proxy chain misinterpretation (bsc#1016715).
Package list
SUSE Linux Enterprise Server 11 SP4
apache2-2.2.12-69.1
apache2-doc-2.2.12-69.1
apache2-example-pages-2.2.12-69.1
apache2-prefork-2.2.12-69.1
apache2-utils-2.2.12-69.1
apache2-worker-2.2.12-69.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
apache2-2.2.12-69.1
apache2-doc-2.2.12-69.1
apache2-example-pages-2.2.12-69.1
apache2-prefork-2.2.12-69.1
apache2-utils-2.2.12-69.1
apache2-worker-2.2.12-69.1
SUSE Linux Enterprise Software Development Kit 11 SP4
apache2-2.2.12-69.1
apache2-devel-2.2.12-69.1
apache2-doc-2.2.12-69.1
apache2-example-pages-2.2.12-69.1
apache2-prefork-2.2.12-69.1
apache2-utils-2.2.12-69.1
apache2-worker-2.2.12-69.1
SUSE Studio Onsite 1.3
apache2-devel-2.2.12-69.1
References
- Link for SUSE-SU-2017:0729-1
- E-Mail link for SUSE-SU-2017:0729-1
- SUSE Security Ratings
- SUSE Bug 1016714
- SUSE Bug 1016715
- SUSE CVE CVE-2016-2161 page
- SUSE CVE CVE-2016-8743 page
Description
In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.
Affected products
SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-69.1
SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-69.1
SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-69.1
SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-69.1
References
- CVE-2016-2161
- SUSE Bug 1016714
- SUSE Bug 1033513
Description
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.
Affected products
SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-69.1
SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-69.1
SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-69.1
SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-69.1
References
- CVE-2016-8743
- SUSE Bug 1016715
- SUSE Bug 1033513
- SUSE Bug 1086774
- SUSE Bug 1104826
- SUSE Bug 930944