SUSE-SU-2018:2815-1

Published: 24 Sep 2018
Source: suse-cvrf

Description

Security update for apache2

This update for apache2 fixes the following issues:

Security issues fixed:

  • CVE-2016-8743: Fixed liberal whitespace interpretation accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. (bsc#1016715)
  • CVE-2016-4975: Fixed possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes which prohibit CR or LF injection into the 'Location' or other outbound header key or value. (bsc#1104826)

Package list

SUSE Enterprise Storage 4
apache2-2.4.23-29.24.1
apache2-doc-2.4.23-29.24.1
apache2-example-pages-2.4.23-29.24.1
apache2-prefork-2.4.23-29.24.1
apache2-utils-2.4.23-29.24.1
apache2-worker-2.4.23-29.24.1
SUSE Linux Enterprise Server 12 SP2-LTSS
apache2-2.4.23-29.24.1
apache2-doc-2.4.23-29.24.1
apache2-example-pages-2.4.23-29.24.1
apache2-prefork-2.4.23-29.24.1
apache2-utils-2.4.23-29.24.1
apache2-worker-2.4.23-29.24.1
SUSE Linux Enterprise Server 12 SP3
apache2-2.4.23-29.24.1
apache2-doc-2.4.23-29.24.1
apache2-example-pages-2.4.23-29.24.1
apache2-prefork-2.4.23-29.24.1
apache2-utils-2.4.23-29.24.1
apache2-worker-2.4.23-29.24.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
apache2-2.4.23-29.24.1
apache2-doc-2.4.23-29.24.1
apache2-example-pages-2.4.23-29.24.1
apache2-prefork-2.4.23-29.24.1
apache2-utils-2.4.23-29.24.1
apache2-worker-2.4.23-29.24.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
apache2-2.4.23-29.24.1
apache2-doc-2.4.23-29.24.1
apache2-example-pages-2.4.23-29.24.1
apache2-prefork-2.4.23-29.24.1
apache2-utils-2.4.23-29.24.1
apache2-worker-2.4.23-29.24.1
SUSE Linux Enterprise Software Development Kit 12 SP3
apache2-devel-2.4.23-29.24.1
SUSE OpenStack Cloud 7
apache2-2.4.23-29.24.1
apache2-doc-2.4.23-29.24.1
apache2-example-pages-2.4.23-29.24.1
apache2-prefork-2.4.23-29.24.1
apache2-utils-2.4.23-29.24.1
apache2-worker-2.4.23-29.24.1

Description

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).


Affected products
SUSE Enterprise Storage 4:apache2-2.4.23-29.24.1
SUSE Enterprise Storage 4:apache2-doc-2.4.23-29.24.1
SUSE Enterprise Storage 4:apache2-example-pages-2.4.23-29.24.1
SUSE Enterprise Storage 4:apache2-prefork-2.4.23-29.24.1

References

Description

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.


Affected products
SUSE Enterprise Storage 4:apache2-2.4.23-29.24.1
SUSE Enterprise Storage 4:apache2-doc-2.4.23-29.24.1
SUSE Enterprise Storage 4:apache2-example-pages-2.4.23-29.24.1
SUSE Enterprise Storage 4:apache2-prefork-2.4.23-29.24.1

References
Vulnerability SUSE-SU-2018:2815-1