Описание
Security update for apache2
This update for apache2 fixes the following issues:
- CVE-2021-40438: Fixed a SRF via a crafted request uri-path. (bsc#1190703)
- CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666)
- CVE-2021-34798: Fixed a NULL pointer dereference via malformed requests. (bsc#1190669)
Список пакетов
HPE Helion OpenStack 8
apache2-2.4.23-29.80.1
apache2-doc-2.4.23-29.80.1
apache2-example-pages-2.4.23-29.80.1
apache2-prefork-2.4.23-29.80.1
apache2-utils-2.4.23-29.80.1
apache2-worker-2.4.23-29.80.1
SUSE Linux Enterprise Server 12 SP2-BCL
apache2-2.4.23-29.80.1
apache2-doc-2.4.23-29.80.1
apache2-example-pages-2.4.23-29.80.1
apache2-prefork-2.4.23-29.80.1
apache2-utils-2.4.23-29.80.1
apache2-worker-2.4.23-29.80.1
SUSE Linux Enterprise Server 12 SP3-BCL
apache2-2.4.23-29.80.1
apache2-doc-2.4.23-29.80.1
apache2-example-pages-2.4.23-29.80.1
apache2-prefork-2.4.23-29.80.1
apache2-utils-2.4.23-29.80.1
apache2-worker-2.4.23-29.80.1
SUSE Linux Enterprise Server 12 SP3-LTSS
apache2-2.4.23-29.80.1
apache2-doc-2.4.23-29.80.1
apache2-example-pages-2.4.23-29.80.1
apache2-prefork-2.4.23-29.80.1
apache2-utils-2.4.23-29.80.1
apache2-worker-2.4.23-29.80.1
SUSE Linux Enterprise Server 12 SP4-LTSS
apache2-2.4.23-29.80.1
apache2-doc-2.4.23-29.80.1
apache2-example-pages-2.4.23-29.80.1
apache2-prefork-2.4.23-29.80.1
apache2-utils-2.4.23-29.80.1
apache2-worker-2.4.23-29.80.1
SUSE Linux Enterprise Server 12 SP5
apache2-2.4.23-29.80.1
apache2-doc-2.4.23-29.80.1
apache2-example-pages-2.4.23-29.80.1
apache2-prefork-2.4.23-29.80.1
apache2-utils-2.4.23-29.80.1
apache2-worker-2.4.23-29.80.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
apache2-2.4.23-29.80.1
apache2-doc-2.4.23-29.80.1
apache2-example-pages-2.4.23-29.80.1
apache2-prefork-2.4.23-29.80.1
apache2-utils-2.4.23-29.80.1
apache2-worker-2.4.23-29.80.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
apache2-2.4.23-29.80.1
apache2-doc-2.4.23-29.80.1
apache2-example-pages-2.4.23-29.80.1
apache2-prefork-2.4.23-29.80.1
apache2-utils-2.4.23-29.80.1
apache2-worker-2.4.23-29.80.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
apache2-2.4.23-29.80.1
apache2-doc-2.4.23-29.80.1
apache2-example-pages-2.4.23-29.80.1
apache2-prefork-2.4.23-29.80.1
apache2-utils-2.4.23-29.80.1
apache2-worker-2.4.23-29.80.1
SUSE Linux Enterprise Software Development Kit 12 SP5
apache2-devel-2.4.23-29.80.1
SUSE OpenStack Cloud 8
apache2-2.4.23-29.80.1
apache2-doc-2.4.23-29.80.1
apache2-example-pages-2.4.23-29.80.1
apache2-prefork-2.4.23-29.80.1
apache2-utils-2.4.23-29.80.1
apache2-worker-2.4.23-29.80.1
SUSE OpenStack Cloud 9
apache2-2.4.23-29.80.1
apache2-doc-2.4.23-29.80.1
apache2-example-pages-2.4.23-29.80.1
apache2-prefork-2.4.23-29.80.1
apache2-utils-2.4.23-29.80.1
apache2-worker-2.4.23-29.80.1
SUSE OpenStack Cloud Crowbar 8
apache2-2.4.23-29.80.1
apache2-doc-2.4.23-29.80.1
apache2-example-pages-2.4.23-29.80.1
apache2-prefork-2.4.23-29.80.1
apache2-utils-2.4.23-29.80.1
apache2-worker-2.4.23-29.80.1
SUSE OpenStack Cloud Crowbar 9
apache2-2.4.23-29.80.1
apache2-doc-2.4.23-29.80.1
apache2-example-pages-2.4.23-29.80.1
apache2-prefork-2.4.23-29.80.1
apache2-utils-2.4.23-29.80.1
apache2-worker-2.4.23-29.80.1
Ссылки
- Link for SUSE-SU-2021:3299-1
- E-Mail link for SUSE-SU-2021:3299-1
- SUSE Security Ratings
- SUSE Bug 1190666
- SUSE Bug 1190669
- SUSE Bug 1190703
- SUSE CVE CVE-2021-34798 page
- SUSE CVE CVE-2021-39275 page
- SUSE CVE CVE-2021-40438 page
Описание
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
Затронутые продукты
HPE Helion OpenStack 8:apache2-2.4.23-29.80.1
HPE Helion OpenStack 8:apache2-doc-2.4.23-29.80.1
HPE Helion OpenStack 8:apache2-example-pages-2.4.23-29.80.1
HPE Helion OpenStack 8:apache2-prefork-2.4.23-29.80.1
Ссылки
- CVE-2021-34798
- SUSE Bug 1190669
- SUSE Bug 1191297
Описание
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
Затронутые продукты
HPE Helion OpenStack 8:apache2-2.4.23-29.80.1
HPE Helion OpenStack 8:apache2-doc-2.4.23-29.80.1
HPE Helion OpenStack 8:apache2-example-pages-2.4.23-29.80.1
HPE Helion OpenStack 8:apache2-prefork-2.4.23-29.80.1
Ссылки
- CVE-2021-39275
- SUSE Bug 1190666
Описание
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Затронутые продукты
HPE Helion OpenStack 8:apache2-2.4.23-29.80.1
HPE Helion OpenStack 8:apache2-doc-2.4.23-29.80.1
HPE Helion OpenStack 8:apache2-example-pages-2.4.23-29.80.1
HPE Helion OpenStack 8:apache2-prefork-2.4.23-29.80.1
Ссылки
- CVE-2021-40438
- SUSE Bug 1190703