Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:2450-1

Опубликовано: 02 сент. 2020
Источник: suse-cvrf

Описание

Security update for apache2

This update for apache2 fixes the following issues:

  • CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071).
  • CVE-2020-11985: IP address spoofing when proxying using mod_remoteip and mod_rewrite (bsc#1175072).
  • CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070).

Список пакетов

HPE Helion OpenStack 8
apache2-2.4.23-29.63.1
apache2-doc-2.4.23-29.63.1
apache2-example-pages-2.4.23-29.63.1
apache2-prefork-2.4.23-29.63.1
apache2-utils-2.4.23-29.63.1
apache2-worker-2.4.23-29.63.1
SUSE Enterprise Storage 5
apache2-2.4.23-29.63.1
apache2-doc-2.4.23-29.63.1
apache2-example-pages-2.4.23-29.63.1
apache2-prefork-2.4.23-29.63.1
apache2-utils-2.4.23-29.63.1
apache2-worker-2.4.23-29.63.1
SUSE Linux Enterprise Server 12 SP2-BCL
apache2-2.4.23-29.63.1
apache2-doc-2.4.23-29.63.1
apache2-example-pages-2.4.23-29.63.1
apache2-prefork-2.4.23-29.63.1
apache2-utils-2.4.23-29.63.1
apache2-worker-2.4.23-29.63.1
SUSE Linux Enterprise Server 12 SP2-LTSS
apache2-2.4.23-29.63.1
apache2-doc-2.4.23-29.63.1
apache2-example-pages-2.4.23-29.63.1
apache2-prefork-2.4.23-29.63.1
apache2-utils-2.4.23-29.63.1
apache2-worker-2.4.23-29.63.1
SUSE Linux Enterprise Server 12 SP3-BCL
apache2-2.4.23-29.63.1
apache2-doc-2.4.23-29.63.1
apache2-example-pages-2.4.23-29.63.1
apache2-prefork-2.4.23-29.63.1
apache2-utils-2.4.23-29.63.1
apache2-worker-2.4.23-29.63.1
SUSE Linux Enterprise Server 12 SP3-LTSS
apache2-2.4.23-29.63.1
apache2-doc-2.4.23-29.63.1
apache2-example-pages-2.4.23-29.63.1
apache2-prefork-2.4.23-29.63.1
apache2-utils-2.4.23-29.63.1
apache2-worker-2.4.23-29.63.1
SUSE Linux Enterprise Server 12 SP4-LTSS
apache2-2.4.23-29.63.1
apache2-doc-2.4.23-29.63.1
apache2-example-pages-2.4.23-29.63.1
apache2-prefork-2.4.23-29.63.1
apache2-utils-2.4.23-29.63.1
apache2-worker-2.4.23-29.63.1
SUSE Linux Enterprise Server 12 SP5
apache2-2.4.23-29.63.1
apache2-doc-2.4.23-29.63.1
apache2-example-pages-2.4.23-29.63.1
apache2-prefork-2.4.23-29.63.1
apache2-utils-2.4.23-29.63.1
apache2-worker-2.4.23-29.63.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
apache2-2.4.23-29.63.1
apache2-doc-2.4.23-29.63.1
apache2-example-pages-2.4.23-29.63.1
apache2-prefork-2.4.23-29.63.1
apache2-utils-2.4.23-29.63.1
apache2-worker-2.4.23-29.63.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
apache2-2.4.23-29.63.1
apache2-doc-2.4.23-29.63.1
apache2-example-pages-2.4.23-29.63.1
apache2-prefork-2.4.23-29.63.1
apache2-utils-2.4.23-29.63.1
apache2-worker-2.4.23-29.63.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
apache2-2.4.23-29.63.1
apache2-doc-2.4.23-29.63.1
apache2-example-pages-2.4.23-29.63.1
apache2-prefork-2.4.23-29.63.1
apache2-utils-2.4.23-29.63.1
apache2-worker-2.4.23-29.63.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
apache2-2.4.23-29.63.1
apache2-doc-2.4.23-29.63.1
apache2-example-pages-2.4.23-29.63.1
apache2-prefork-2.4.23-29.63.1
apache2-utils-2.4.23-29.63.1
apache2-worker-2.4.23-29.63.1
SUSE Linux Enterprise Software Development Kit 12 SP5
apache2-devel-2.4.23-29.63.1
SUSE OpenStack Cloud 7
apache2-2.4.23-29.63.1
apache2-doc-2.4.23-29.63.1
apache2-example-pages-2.4.23-29.63.1
apache2-prefork-2.4.23-29.63.1
apache2-utils-2.4.23-29.63.1
apache2-worker-2.4.23-29.63.1
SUSE OpenStack Cloud 8
apache2-2.4.23-29.63.1
apache2-doc-2.4.23-29.63.1
apache2-example-pages-2.4.23-29.63.1
apache2-prefork-2.4.23-29.63.1
apache2-utils-2.4.23-29.63.1
apache2-worker-2.4.23-29.63.1
SUSE OpenStack Cloud 9
apache2-2.4.23-29.63.1
apache2-doc-2.4.23-29.63.1
apache2-example-pages-2.4.23-29.63.1
apache2-prefork-2.4.23-29.63.1
apache2-utils-2.4.23-29.63.1
apache2-worker-2.4.23-29.63.1
SUSE OpenStack Cloud Crowbar 8
apache2-2.4.23-29.63.1
apache2-doc-2.4.23-29.63.1
apache2-example-pages-2.4.23-29.63.1
apache2-prefork-2.4.23-29.63.1
apache2-utils-2.4.23-29.63.1
apache2-worker-2.4.23-29.63.1
SUSE OpenStack Cloud Crowbar 9
apache2-2.4.23-29.63.1
apache2-doc-2.4.23-29.63.1
apache2-example-pages-2.4.23-29.63.1
apache2-prefork-2.4.23-29.63.1
apache2-utils-2.4.23-29.63.1
apache2-worker-2.4.23-29.63.1

Ссылки

Описание

IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.

Затронутые продукты
HPE Helion OpenStack 8:apache2-2.4.23-29.63.1
HPE Helion OpenStack 8:apache2-doc-2.4.23-29.63.1
HPE Helion OpenStack 8:apache2-example-pages-2.4.23-29.63.1
HPE Helion OpenStack 8:apache2-prefork-2.4.23-29.63.1
Ссылки

Описание

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

Затронутые продукты
HPE Helion OpenStack 8:apache2-2.4.23-29.63.1
HPE Helion OpenStack 8:apache2-doc-2.4.23-29.63.1
HPE Helion OpenStack 8:apache2-example-pages-2.4.23-29.63.1
HPE Helion OpenStack 8:apache2-prefork-2.4.23-29.63.1
Ссылки

Описание

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

Затронутые продукты
HPE Helion OpenStack 8:apache2-2.4.23-29.63.1
HPE Helion OpenStack 8:apache2-doc-2.4.23-29.63.1
HPE Helion OpenStack 8:apache2-example-pages-2.4.23-29.63.1
HPE Helion OpenStack 8:apache2-prefork-2.4.23-29.63.1
Ссылки
Уязвимость SUSE-SU-2020:2450-1