Описание
Security update for apache2
This update for apache2 fixes the following issues:
- Enables the patch for CVE-2020-11993 and CVE-2020-9490. The patch was included but not applied in the previous update. (bsc#1178074)
Список пакетов
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy
apache2-2.4.33-3.41.1
apache2-prefork-2.4.33-3.41.1
apache2-utils-2.4.33-3.41.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server
apache2-2.4.33-3.41.1
apache2-prefork-2.4.33-3.41.1
apache2-utils-2.4.33-3.41.1
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy
apache2-2.4.33-3.41.1
apache2-prefork-2.4.33-3.41.1
apache2-utils-2.4.33-3.41.1
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server
apache2-2.4.33-3.41.1
apache2-prefork-2.4.33-3.41.1
apache2-utils-2.4.33-3.41.1
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy
apache2-2.4.33-3.41.1
apache2-prefork-2.4.33-3.41.1
apache2-utils-2.4.33-3.41.1
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server
apache2-2.4.33-3.41.1
apache2-prefork-2.4.33-3.41.1
apache2-utils-2.4.33-3.41.1
Image SLES15-SP1-SAPCAL-Azure
apache2-2.4.33-3.41.1
apache2-prefork-2.4.33-3.41.1
apache2-utils-2.4.33-3.41.1
Image SLES15-SP1-SAPCAL-EC2-HVM
apache2-2.4.33-3.41.1
apache2-prefork-2.4.33-3.41.1
apache2-utils-2.4.33-3.41.1
Image SLES15-SP1-SAPCAL-GCE
apache2-2.4.33-3.41.1
apache2-prefork-2.4.33-3.41.1
apache2-utils-2.4.33-3.41.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
apache2-2.4.33-3.41.1
apache2-devel-2.4.33-3.41.1
apache2-doc-2.4.33-3.41.1
apache2-prefork-2.4.33-3.41.1
apache2-utils-2.4.33-3.41.1
apache2-worker-2.4.33-3.41.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
apache2-2.4.33-3.41.1
apache2-devel-2.4.33-3.41.1
apache2-doc-2.4.33-3.41.1
apache2-prefork-2.4.33-3.41.1
apache2-utils-2.4.33-3.41.1
apache2-worker-2.4.33-3.41.1
SUSE Linux Enterprise Module for Server Applications 15 SP1
apache2-2.4.33-3.41.1
apache2-devel-2.4.33-3.41.1
apache2-doc-2.4.33-3.41.1
apache2-prefork-2.4.33-3.41.1
apache2-utils-2.4.33-3.41.1
apache2-worker-2.4.33-3.41.1
SUSE Linux Enterprise Server 15-LTSS
apache2-2.4.33-3.41.1
apache2-devel-2.4.33-3.41.1
apache2-doc-2.4.33-3.41.1
apache2-prefork-2.4.33-3.41.1
apache2-utils-2.4.33-3.41.1
apache2-worker-2.4.33-3.41.1
SUSE Linux Enterprise Server for SAP Applications 15
apache2-2.4.33-3.41.1
apache2-devel-2.4.33-3.41.1
apache2-doc-2.4.33-3.41.1
apache2-prefork-2.4.33-3.41.1
apache2-utils-2.4.33-3.41.1
apache2-worker-2.4.33-3.41.1
Ссылки
- Link for SUSE-SU-2020:3067-1
- E-Mail link for SUSE-SU-2020:3067-1
- SUSE Security Ratings
- SUSE Bug 1175070
- SUSE Bug 1175071
- SUSE Bug 1178074
- SUSE CVE CVE-2020-11993 page
- SUSE CVE CVE-2020-9490 page
Описание
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.
Затронутые продукты
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy:apache2-2.4.33-3.41.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy:apache2-prefork-2.4.33-3.41.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy:apache2-utils-2.4.33-3.41.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server:apache2-2.4.33-3.41.1
Ссылки
- CVE-2020-11993
- SUSE Bug 1175070
- SUSE Bug 1178074
- SUSE Bug 1180830
Описание
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
Затронутые продукты
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy:apache2-2.4.33-3.41.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy:apache2-prefork-2.4.33-3.41.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy:apache2-utils-2.4.33-3.41.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server:apache2-2.4.33-3.41.1
Ссылки
- CVE-2020-9490
- SUSE Bug 1175071
- SUSE Bug 1178074