Описание
Security update for apache2
This update for apache2 fixes the following issues:
- CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666)
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
apache2-2.2.34-70.38.1
apache2-devel-2.2.34-70.38.1
apache2-doc-2.2.34-70.38.1
apache2-example-pages-2.2.34-70.38.1
apache2-prefork-2.2.34-70.38.1
apache2-utils-2.2.34-70.38.1
apache2-worker-2.2.34-70.38.1
SUSE Linux Enterprise Server 11 SP4-LTSS
apache2-2.2.34-70.38.1
apache2-doc-2.2.34-70.38.1
apache2-example-pages-2.2.34-70.38.1
apache2-prefork-2.2.34-70.38.1
apache2-utils-2.2.34-70.38.1
apache2-worker-2.2.34-70.38.1
Ссылки
- Link for SUSE-SU-2021:14811-1
- E-Mail link for SUSE-SU-2021:14811-1
- SUSE Security Ratings
- SUSE Bug 1190666
- SUSE CVE CVE-2021-39275 page
Описание
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.38.1
SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.38.1
SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.38.1
SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.38.1
Ссылки
- CVE-2021-39275
- SUSE Bug 1190666