Описание
Security update for apache2
This update for apache2 fixes the following issues:
- CVE-2021-40438: Fixed a SRF via a crafted request uri-path. (bsc#1190703)
- CVE-2021-36160: Fixed an out-of-bounds read via a crafted request uri-path. (bsc#1190702)
- CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666)
- CVE-2021-34798: Fixed a NULL pointer dereference via malformed requests. (bsc#1190669)
- CVE-2021-33193: Fixed request splitting via HTTP/2 method injection and mod_proxy. (bsc#1189387)
Список пакетов
Image SLES15-SP1-SAPCAL-Azure
apache2-2.4.33-3.55.1
apache2-prefork-2.4.33-3.55.1
apache2-utils-2.4.33-3.55.1
Image SLES15-SP1-SAPCAL-EC2-HVM
apache2-2.4.33-3.55.1
apache2-prefork-2.4.33-3.55.1
apache2-utils-2.4.33-3.55.1
Image SLES15-SP1-SAPCAL-GCE
apache2-2.4.33-3.55.1
apache2-prefork-2.4.33-3.55.1
apache2-utils-2.4.33-3.55.1
SUSE Enterprise Storage 6
apache2-2.4.33-3.55.1
apache2-devel-2.4.33-3.55.1
apache2-doc-2.4.33-3.55.1
apache2-prefork-2.4.33-3.55.1
apache2-utils-2.4.33-3.55.1
apache2-worker-2.4.33-3.55.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
apache2-2.4.33-3.55.1
apache2-devel-2.4.33-3.55.1
apache2-doc-2.4.33-3.55.1
apache2-prefork-2.4.33-3.55.1
apache2-utils-2.4.33-3.55.1
apache2-worker-2.4.33-3.55.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
apache2-2.4.33-3.55.1
apache2-devel-2.4.33-3.55.1
apache2-doc-2.4.33-3.55.1
apache2-prefork-2.4.33-3.55.1
apache2-utils-2.4.33-3.55.1
apache2-worker-2.4.33-3.55.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
apache2-2.4.33-3.55.1
apache2-devel-2.4.33-3.55.1
apache2-doc-2.4.33-3.55.1
apache2-prefork-2.4.33-3.55.1
apache2-utils-2.4.33-3.55.1
apache2-worker-2.4.33-3.55.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
apache2-2.4.33-3.55.1
apache2-devel-2.4.33-3.55.1
apache2-doc-2.4.33-3.55.1
apache2-prefork-2.4.33-3.55.1
apache2-utils-2.4.33-3.55.1
apache2-worker-2.4.33-3.55.1
SUSE Linux Enterprise Server 15 SP1-BCL
apache2-2.4.33-3.55.1
apache2-devel-2.4.33-3.55.1
apache2-doc-2.4.33-3.55.1
apache2-prefork-2.4.33-3.55.1
apache2-utils-2.4.33-3.55.1
apache2-worker-2.4.33-3.55.1
SUSE Linux Enterprise Server 15 SP1-LTSS
apache2-2.4.33-3.55.1
apache2-devel-2.4.33-3.55.1
apache2-doc-2.4.33-3.55.1
apache2-prefork-2.4.33-3.55.1
apache2-utils-2.4.33-3.55.1
apache2-worker-2.4.33-3.55.1
SUSE Linux Enterprise Server 15-LTSS
apache2-2.4.33-3.55.1
apache2-devel-2.4.33-3.55.1
apache2-doc-2.4.33-3.55.1
apache2-prefork-2.4.33-3.55.1
apache2-utils-2.4.33-3.55.1
apache2-worker-2.4.33-3.55.1
SUSE Linux Enterprise Server for SAP Applications 15
apache2-2.4.33-3.55.1
apache2-devel-2.4.33-3.55.1
apache2-doc-2.4.33-3.55.1
apache2-prefork-2.4.33-3.55.1
apache2-utils-2.4.33-3.55.1
apache2-worker-2.4.33-3.55.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
apache2-2.4.33-3.55.1
apache2-devel-2.4.33-3.55.1
apache2-doc-2.4.33-3.55.1
apache2-prefork-2.4.33-3.55.1
apache2-utils-2.4.33-3.55.1
apache2-worker-2.4.33-3.55.1
Ссылки
- Link for SUSE-SU-2021:3335-1
- E-Mail link for SUSE-SU-2021:3335-1
- SUSE Security Ratings
- SUSE Bug 1189387
- SUSE Bug 1190666
- SUSE Bug 1190669
- SUSE Bug 1190702
- SUSE Bug 1190703
- SUSE CVE CVE-2021-33193 page
- SUSE CVE CVE-2021-34798 page
- SUSE CVE CVE-2021-36160 page
- SUSE CVE CVE-2021-39275 page
- SUSE CVE CVE-2021-40438 page
Описание
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
Затронутые продукты
Image SLES15-SP1-SAPCAL-Azure:apache2-2.4.33-3.55.1
Image SLES15-SP1-SAPCAL-Azure:apache2-prefork-2.4.33-3.55.1
Image SLES15-SP1-SAPCAL-Azure:apache2-utils-2.4.33-3.55.1
Image SLES15-SP1-SAPCAL-EC2-HVM:apache2-2.4.33-3.55.1
Ссылки
- CVE-2021-33193
- SUSE Bug 1189387
- SUSE Bug 1195686
Описание
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
Затронутые продукты
Image SLES15-SP1-SAPCAL-Azure:apache2-2.4.33-3.55.1
Image SLES15-SP1-SAPCAL-Azure:apache2-prefork-2.4.33-3.55.1
Image SLES15-SP1-SAPCAL-Azure:apache2-utils-2.4.33-3.55.1
Image SLES15-SP1-SAPCAL-EC2-HVM:apache2-2.4.33-3.55.1
Ссылки
- CVE-2021-34798
- SUSE Bug 1190669
- SUSE Bug 1191297
Описание
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
Затронутые продукты
Image SLES15-SP1-SAPCAL-Azure:apache2-2.4.33-3.55.1
Image SLES15-SP1-SAPCAL-Azure:apache2-prefork-2.4.33-3.55.1
Image SLES15-SP1-SAPCAL-Azure:apache2-utils-2.4.33-3.55.1
Image SLES15-SP1-SAPCAL-EC2-HVM:apache2-2.4.33-3.55.1
Ссылки
- CVE-2021-36160
- SUSE Bug 1190702
Описание
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
Затронутые продукты
Image SLES15-SP1-SAPCAL-Azure:apache2-2.4.33-3.55.1
Image SLES15-SP1-SAPCAL-Azure:apache2-prefork-2.4.33-3.55.1
Image SLES15-SP1-SAPCAL-Azure:apache2-utils-2.4.33-3.55.1
Image SLES15-SP1-SAPCAL-EC2-HVM:apache2-2.4.33-3.55.1
Ссылки
- CVE-2021-39275
- SUSE Bug 1190666
Описание
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Затронутые продукты
Image SLES15-SP1-SAPCAL-Azure:apache2-2.4.33-3.55.1
Image SLES15-SP1-SAPCAL-Azure:apache2-prefork-2.4.33-3.55.1
Image SLES15-SP1-SAPCAL-Azure:apache2-utils-2.4.33-3.55.1
Image SLES15-SP1-SAPCAL-EC2-HVM:apache2-2.4.33-3.55.1
Ссылки
- CVE-2021-40438
- SUSE Bug 1190703