Описание
Security update for apache2
This update for apache2 fixes the following issues:
Security issue fixed:
- CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest. (bsc#1048576)
Bug fixes:
- Include individual sysconfig.d files instead of the whole sysconfig.d directory.
- Include sysconfig.d/include.conf after httpd.conf is processed. (bsc#1023616, bsc#1043055)
Список пакетов
SUSE Linux Enterprise Server 12 SP2
apache2-2.4.23-29.3.2
apache2-doc-2.4.23-29.3.2
apache2-example-pages-2.4.23-29.3.2
apache2-prefork-2.4.23-29.3.2
apache2-utils-2.4.23-29.3.2
apache2-worker-2.4.23-29.3.2
SUSE Linux Enterprise Server 12 SP3
apache2-2.4.23-29.3.2
apache2-doc-2.4.23-29.3.2
apache2-example-pages-2.4.23-29.3.2
apache2-prefork-2.4.23-29.3.2
apache2-utils-2.4.23-29.3.2
apache2-worker-2.4.23-29.3.2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
apache2-2.4.23-29.3.2
apache2-doc-2.4.23-29.3.2
apache2-example-pages-2.4.23-29.3.2
apache2-prefork-2.4.23-29.3.2
apache2-utils-2.4.23-29.3.2
apache2-worker-2.4.23-29.3.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
apache2-2.4.23-29.3.2
apache2-doc-2.4.23-29.3.2
apache2-example-pages-2.4.23-29.3.2
apache2-prefork-2.4.23-29.3.2
apache2-utils-2.4.23-29.3.2
apache2-worker-2.4.23-29.3.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
apache2-2.4.23-29.3.2
apache2-doc-2.4.23-29.3.2
apache2-example-pages-2.4.23-29.3.2
apache2-prefork-2.4.23-29.3.2
apache2-utils-2.4.23-29.3.2
apache2-worker-2.4.23-29.3.2
SUSE Linux Enterprise Software Development Kit 12 SP2
apache2-devel-2.4.23-29.3.2
SUSE Linux Enterprise Software Development Kit 12 SP3
apache2-devel-2.4.23-29.3.2
Ссылки
- Link for SUSE-SU-2017:1961-1
- E-Mail link for SUSE-SU-2017:1961-1
- SUSE Security Ratings
- SUSE Bug 1023616
- SUSE Bug 1043055
- SUSE Bug 1048576
- SUSE CVE CVE-2017-9788 page
Описание
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-29.3.2
SUSE Linux Enterprise Server 12 SP2:apache2-doc-2.4.23-29.3.2
SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-29.3.2
SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-29.3.2
Ссылки
- CVE-2017-9788
- SUSE Bug 1048576