Описание
Security update for apache2
This update for apache2 fixes the following issues:
- CVE-2021-33193: Fixed request splitting via HTTP/2 method injection and mod_proxy (bsc#1189387).
Список пакетов
SUSE Linux Enterprise Server 12 SP5
apache2-2.4.23-29.77.2
apache2-doc-2.4.23-29.77.2
apache2-example-pages-2.4.23-29.77.2
apache2-prefork-2.4.23-29.77.2
apache2-utils-2.4.23-29.77.2
apache2-worker-2.4.23-29.77.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5
apache2-2.4.23-29.77.2
apache2-doc-2.4.23-29.77.2
apache2-example-pages-2.4.23-29.77.2
apache2-prefork-2.4.23-29.77.2
apache2-utils-2.4.23-29.77.2
apache2-worker-2.4.23-29.77.2
SUSE Linux Enterprise Software Development Kit 12 SP5
apache2-devel-2.4.23-29.77.2
Ссылки
- Link for SUSE-SU-2021:2918-1
- E-Mail link for SUSE-SU-2021:2918-1
- SUSE Security Ratings
- SUSE Bug 1189387
- SUSE CVE CVE-2021-33193 page
Описание
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:apache2-2.4.23-29.77.2
SUSE Linux Enterprise Server 12 SP5:apache2-doc-2.4.23-29.77.2
SUSE Linux Enterprise Server 12 SP5:apache2-example-pages-2.4.23-29.77.2
SUSE Linux Enterprise Server 12 SP5:apache2-prefork-2.4.23-29.77.2
Ссылки
- CVE-2021-33193
- SUSE Bug 1189387
- SUSE Bug 1195686