SUSE-SU-2021:0779-1

Published: 12 Mar 2021
Source: suse-cvrf

Description

Security update for apache2

This update for apache2 fixes the following issues:

  • Fixed potential content spoofing with default error pages (bsc#118270)

Package list

SUSE Linux Enterprise Server 12 SP5
apache2-2.4.23-29.69.1
apache2-doc-2.4.23-29.69.1
apache2-example-pages-2.4.23-29.69.1
apache2-prefork-2.4.23-29.69.1
apache2-utils-2.4.23-29.69.1
apache2-worker-2.4.23-29.69.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
apache2-2.4.23-29.69.1
apache2-doc-2.4.23-29.69.1
apache2-example-pages-2.4.23-29.69.1
apache2-prefork-2.4.23-29.69.1
apache2-utils-2.4.23-29.69.1
apache2-worker-2.4.23-29.69.1
SUSE Linux Enterprise Software Development Kit 12 SP5
apache2-devel-2.4.23-29.69.1

Description

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.


Affected products
SUSE Linux Enterprise Server 12 SP5:apache2-2.4.23-29.69.1
SUSE Linux Enterprise Server 12 SP5:apache2-doc-2.4.23-29.69.1
SUSE Linux Enterprise Server 12 SP5:apache2-example-pages-2.4.23-29.69.1
SUSE Linux Enterprise Server 12 SP5:apache2-prefork-2.4.23-29.69.1

References
Vulnerability SUSE-SU-2021:0779-1