Описание
Security update for apache2
This update provides apache2 2.2.34, which brings many fixes and enhancements:
Security issues fixed:
- CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest. (bsc#1048576)
Bug fixes:
- Remove /usr/bin/http2 link only during package uninstall, not upgrade. (bsc#1041830)
- Don't put the backend in error state (by default) when 500/503 error code is overridden. (bsc#951692)
- Allow single-char field names inadvertently disallowed in 2.2.32.
Список пакетов
SUSE Linux Enterprise Server 11 SP4
apache2-2.2.34-70.5.1
apache2-doc-2.2.34-70.5.1
apache2-example-pages-2.2.34-70.5.1
apache2-prefork-2.2.34-70.5.1
apache2-utils-2.2.34-70.5.1
apache2-worker-2.2.34-70.5.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
apache2-2.2.34-70.5.1
apache2-doc-2.2.34-70.5.1
apache2-example-pages-2.2.34-70.5.1
apache2-prefork-2.2.34-70.5.1
apache2-utils-2.2.34-70.5.1
apache2-worker-2.2.34-70.5.1
SUSE Linux Enterprise Software Development Kit 11 SP4
apache2-2.2.34-70.5.1
apache2-devel-2.2.34-70.5.1
apache2-doc-2.2.34-70.5.1
apache2-example-pages-2.2.34-70.5.1
apache2-prefork-2.2.34-70.5.1
apache2-utils-2.2.34-70.5.1
apache2-worker-2.2.34-70.5.1
SUSE Studio Onsite 1.3
apache2-devel-2.2.34-70.5.1
Ссылки
- Link for SUSE-SU-2017:1997-1
- E-Mail link for SUSE-SU-2017:1997-1
- SUSE Security Ratings
- SUSE Bug 1041830
- SUSE Bug 1048576
- SUSE Bug 951692
- SUSE CVE CVE-2017-9788 page
Описание
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.5.1
SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.5.1
SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.5.1
SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.5.1
Ссылки
- CVE-2017-9788
- SUSE Bug 1048576