Описание
Security update for apache2
This update for apache2 fixes the following issues:
- CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations. (bsc#1193943)
- CVE-2021-44790: Fixed buffer overflow when parsing multipart content in mod_lua. (bsc#1193942)
Список пакетов
HPE Helion OpenStack 8
apache2-2.4.23-29.83.1
apache2-doc-2.4.23-29.83.1
apache2-example-pages-2.4.23-29.83.1
apache2-prefork-2.4.23-29.83.1
apache2-utils-2.4.23-29.83.1
apache2-worker-2.4.23-29.83.1
SUSE Linux Enterprise Server 12 SP2-BCL
apache2-2.4.23-29.83.1
apache2-doc-2.4.23-29.83.1
apache2-example-pages-2.4.23-29.83.1
apache2-prefork-2.4.23-29.83.1
apache2-utils-2.4.23-29.83.1
apache2-worker-2.4.23-29.83.1
SUSE Linux Enterprise Server 12 SP3-BCL
apache2-2.4.23-29.83.1
apache2-doc-2.4.23-29.83.1
apache2-example-pages-2.4.23-29.83.1
apache2-prefork-2.4.23-29.83.1
apache2-utils-2.4.23-29.83.1
apache2-worker-2.4.23-29.83.1
SUSE Linux Enterprise Server 12 SP3-LTSS
apache2-2.4.23-29.83.1
apache2-doc-2.4.23-29.83.1
apache2-example-pages-2.4.23-29.83.1
apache2-prefork-2.4.23-29.83.1
apache2-utils-2.4.23-29.83.1
apache2-worker-2.4.23-29.83.1
SUSE Linux Enterprise Server 12 SP4-LTSS
apache2-2.4.23-29.83.1
apache2-doc-2.4.23-29.83.1
apache2-example-pages-2.4.23-29.83.1
apache2-prefork-2.4.23-29.83.1
apache2-utils-2.4.23-29.83.1
apache2-worker-2.4.23-29.83.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
apache2-2.4.23-29.83.1
apache2-doc-2.4.23-29.83.1
apache2-example-pages-2.4.23-29.83.1
apache2-prefork-2.4.23-29.83.1
apache2-utils-2.4.23-29.83.1
apache2-worker-2.4.23-29.83.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
apache2-2.4.23-29.83.1
apache2-doc-2.4.23-29.83.1
apache2-example-pages-2.4.23-29.83.1
apache2-prefork-2.4.23-29.83.1
apache2-utils-2.4.23-29.83.1
apache2-worker-2.4.23-29.83.1
SUSE OpenStack Cloud 8
apache2-2.4.23-29.83.1
apache2-doc-2.4.23-29.83.1
apache2-example-pages-2.4.23-29.83.1
apache2-prefork-2.4.23-29.83.1
apache2-utils-2.4.23-29.83.1
apache2-worker-2.4.23-29.83.1
SUSE OpenStack Cloud 9
apache2-2.4.23-29.83.1
apache2-doc-2.4.23-29.83.1
apache2-example-pages-2.4.23-29.83.1
apache2-prefork-2.4.23-29.83.1
apache2-utils-2.4.23-29.83.1
apache2-worker-2.4.23-29.83.1
SUSE OpenStack Cloud Crowbar 8
apache2-2.4.23-29.83.1
apache2-doc-2.4.23-29.83.1
apache2-example-pages-2.4.23-29.83.1
apache2-prefork-2.4.23-29.83.1
apache2-utils-2.4.23-29.83.1
apache2-worker-2.4.23-29.83.1
SUSE OpenStack Cloud Crowbar 9
apache2-2.4.23-29.83.1
apache2-doc-2.4.23-29.83.1
apache2-example-pages-2.4.23-29.83.1
apache2-prefork-2.4.23-29.83.1
apache2-utils-2.4.23-29.83.1
apache2-worker-2.4.23-29.83.1
Ссылки
- Link for SUSE-SU-2022:0065-1
- E-Mail link for SUSE-SU-2022:0065-1
- SUSE Security Ratings
- SUSE Bug 1193942
- SUSE Bug 1193943
- SUSE CVE CVE-2021-44224 page
- SUSE CVE CVE-2021-44790 page
Описание
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
Затронутые продукты
HPE Helion OpenStack 8:apache2-2.4.23-29.83.1
HPE Helion OpenStack 8:apache2-doc-2.4.23-29.83.1
HPE Helion OpenStack 8:apache2-example-pages-2.4.23-29.83.1
HPE Helion OpenStack 8:apache2-prefork-2.4.23-29.83.1
Ссылки
- CVE-2021-44224
- SUSE Bug 1193943
Описание
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
Затронутые продукты
HPE Helion OpenStack 8:apache2-2.4.23-29.83.1
HPE Helion OpenStack 8:apache2-doc-2.4.23-29.83.1
HPE Helion OpenStack 8:apache2-example-pages-2.4.23-29.83.1
HPE Helion OpenStack 8:apache2-prefork-2.4.23-29.83.1
Ссылки
- CVE-2021-44790
- SUSE Bug 1193942
- SUSE Bug 1204730