Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:2311-1

Опубликовано: 25 авг. 2020
Источник: suse-cvrf

Описание

Security update for apache2

This update for apache2 fixes the following issues:

  • CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071).

  • CVE-2020-11984: Fixed an information disclosure bug in mod_proxy_uwsgi (bsc#1175074).

  • CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070).

  • Solve a crash in mod_proxy_uwsgi for empty values of environment variables. (bsc#1174052)

Список пакетов

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure
apache2-2.4.43-3.5.1
apache2-prefork-2.4.43-3.5.1
apache2-utils-2.4.43-3.5.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM
apache2-2.4.43-3.5.1
apache2-prefork-2.4.43-3.5.1
apache2-utils-2.4.43-3.5.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE
apache2-2.4.43-3.5.1
apache2-prefork-2.4.43-3.5.1
apache2-utils-2.4.43-3.5.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
apache2-2.4.43-3.5.1
apache2-prefork-2.4.43-3.5.1
apache2-utils-2.4.43-3.5.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
apache2-2.4.43-3.5.1
apache2-prefork-2.4.43-3.5.1
apache2-utils-2.4.43-3.5.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
apache2-2.4.43-3.5.1
apache2-prefork-2.4.43-3.5.1
apache2-utils-2.4.43-3.5.1
Image SLES15-SP3-EC2-HVM
apache2-2.4.43-3.5.1
apache2-prefork-2.4.43-3.5.1
apache2-utils-2.4.43-3.5.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
apache2-2.4.43-3.5.1
apache2-prefork-2.4.43-3.5.1
apache2-utils-2.4.43-3.5.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
apache2-2.4.43-3.5.1
apache2-prefork-2.4.43-3.5.1
apache2-utils-2.4.43-3.5.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
apache2-2.4.43-3.5.1
apache2-prefork-2.4.43-3.5.1
apache2-utils-2.4.43-3.5.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
apache2-2.4.43-3.5.1
apache2-prefork-2.4.43-3.5.1
apache2-utils-2.4.43-3.5.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
apache2-2.4.43-3.5.1
apache2-prefork-2.4.43-3.5.1
apache2-utils-2.4.43-3.5.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
apache2-2.4.43-3.5.1
apache2-prefork-2.4.43-3.5.1
apache2-utils-2.4.43-3.5.1
Image SLES15-SP3-SAP-Azure
apache2-2.4.43-3.5.1
apache2-prefork-2.4.43-3.5.1
apache2-utils-2.4.43-3.5.1
Image SLES15-SP3-SAP-EC2-HVM
apache2-2.4.43-3.5.1
apache2-prefork-2.4.43-3.5.1
apache2-utils-2.4.43-3.5.1
Image SLES15-SP3-SAP-GCE
apache2-2.4.43-3.5.1
apache2-prefork-2.4.43-3.5.1
apache2-utils-2.4.43-3.5.1
Image SLES15-SP3-SAPCAL-Azure
apache2-2.4.43-3.5.1
apache2-prefork-2.4.43-3.5.1
apache2-utils-2.4.43-3.5.1
Image SLES15-SP3-SAPCAL-EC2-HVM
apache2-2.4.43-3.5.1
apache2-prefork-2.4.43-3.5.1
apache2-utils-2.4.43-3.5.1
Image SLES15-SP3-SAPCAL-GCE
apache2-2.4.43-3.5.1
apache2-prefork-2.4.43-3.5.1
apache2-utils-2.4.43-3.5.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
apache2-2.4.43-3.5.1
apache2-prefork-2.4.43-3.5.1
apache2-utils-2.4.43-3.5.1
SUSE Linux Enterprise Module for Server Applications 15 SP2
apache2-devel-2.4.43-3.5.1
apache2-doc-2.4.43-3.5.1
apache2-worker-2.4.43-3.5.1

Ссылки

Описание

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE

Затронутые продукты
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-2.4.43-3.5.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-prefork-2.4.43-3.5.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-utils-2.4.43-3.5.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM:apache2-2.4.43-3.5.1
Ссылки

Описание

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

Затронутые продукты
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-2.4.43-3.5.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-prefork-2.4.43-3.5.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-utils-2.4.43-3.5.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM:apache2-2.4.43-3.5.1
Ссылки

Описание

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

Затронутые продукты
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-2.4.43-3.5.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-prefork-2.4.43-3.5.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-utils-2.4.43-3.5.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM:apache2-2.4.43-3.5.1
Ссылки
Уязвимость SUSE-SU-2020:2311-1