Описание
Security update for apache2
This update for apache2 fixes the following issues:
- CVE-2021-33193: Fixed request splitting via HTTP/2 method injection and mod_proxy (bsc#1189387).
Список пакетов
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure
apache2-2.4.43-3.25.1
apache2-prefork-2.4.43-3.25.1
apache2-utils-2.4.43-3.25.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM
apache2-2.4.43-3.25.1
apache2-prefork-2.4.43-3.25.1
apache2-utils-2.4.43-3.25.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE
apache2-2.4.43-3.25.1
apache2-prefork-2.4.43-3.25.1
apache2-utils-2.4.43-3.25.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
apache2-2.4.43-3.25.1
apache2-prefork-2.4.43-3.25.1
apache2-utils-2.4.43-3.25.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
apache2-2.4.43-3.25.1
apache2-prefork-2.4.43-3.25.1
apache2-utils-2.4.43-3.25.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
apache2-2.4.43-3.25.1
apache2-prefork-2.4.43-3.25.1
apache2-utils-2.4.43-3.25.1
Image SLES15-SP3-EC2-HVM
apache2-2.4.43-3.25.1
apache2-prefork-2.4.43-3.25.1
apache2-utils-2.4.43-3.25.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
apache2-2.4.43-3.25.1
apache2-prefork-2.4.43-3.25.1
apache2-utils-2.4.43-3.25.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
apache2-2.4.43-3.25.1
apache2-prefork-2.4.43-3.25.1
apache2-utils-2.4.43-3.25.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
apache2-2.4.43-3.25.1
apache2-prefork-2.4.43-3.25.1
apache2-utils-2.4.43-3.25.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
apache2-2.4.43-3.25.1
apache2-prefork-2.4.43-3.25.1
apache2-utils-2.4.43-3.25.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
apache2-2.4.43-3.25.1
apache2-prefork-2.4.43-3.25.1
apache2-utils-2.4.43-3.25.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
apache2-2.4.43-3.25.1
apache2-prefork-2.4.43-3.25.1
apache2-utils-2.4.43-3.25.1
Image SLES15-SP3-SAP-Azure
apache2-2.4.43-3.25.1
apache2-prefork-2.4.43-3.25.1
apache2-utils-2.4.43-3.25.1
Image SLES15-SP3-SAP-EC2-HVM
apache2-2.4.43-3.25.1
apache2-prefork-2.4.43-3.25.1
apache2-utils-2.4.43-3.25.1
Image SLES15-SP3-SAP-GCE
apache2-2.4.43-3.25.1
apache2-prefork-2.4.43-3.25.1
apache2-utils-2.4.43-3.25.1
Image SLES15-SP3-SAPCAL-Azure
apache2-2.4.43-3.25.1
apache2-prefork-2.4.43-3.25.1
apache2-utils-2.4.43-3.25.1
Image SLES15-SP3-SAPCAL-EC2-HVM
apache2-2.4.43-3.25.1
apache2-prefork-2.4.43-3.25.1
apache2-utils-2.4.43-3.25.1
Image SLES15-SP3-SAPCAL-GCE
apache2-2.4.43-3.25.1
apache2-prefork-2.4.43-3.25.1
apache2-utils-2.4.43-3.25.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
apache2-2.4.43-3.25.1
apache2-prefork-2.4.43-3.25.1
apache2-utils-2.4.43-3.25.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
apache2-2.4.43-3.25.1
apache2-prefork-2.4.43-3.25.1
apache2-utils-2.4.43-3.25.1
SUSE Linux Enterprise Module for Package Hub 15 SP3
apache2-event-2.4.43-3.25.1
SUSE Linux Enterprise Module for Server Applications 15 SP2
apache2-devel-2.4.43-3.25.1
apache2-doc-2.4.43-3.25.1
apache2-worker-2.4.43-3.25.1
SUSE Linux Enterprise Module for Server Applications 15 SP3
apache2-devel-2.4.43-3.25.1
apache2-doc-2.4.43-3.25.1
apache2-worker-2.4.43-3.25.1
Ссылки
- Link for SUSE-SU-2021:2954-1
- E-Mail link for SUSE-SU-2021:2954-1
- SUSE Security Ratings
- SUSE Bug 1189387
- SUSE CVE CVE-2021-33193 page
Описание
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
Затронутые продукты
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-2.4.43-3.25.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-prefork-2.4.43-3.25.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-utils-2.4.43-3.25.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM:apache2-2.4.43-3.25.1
Ссылки
- CVE-2021-33193
- SUSE Bug 1189387
- SUSE Bug 1195686