Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:0091-1

Опубликовано: 17 янв. 2022
Источник: suse-cvrf

Описание

Security update for apache2

This update for apache2 fixes the following issues:

Apache2 was updated to the current stable version 2.4.51 (jsc#SLE-22733 jsc#SLE-22849)

It fixes all CVEs and selected bugs represented by patches found between 2.4.23 and 2.4.51.

See https://downloads.apache.org/httpd/CHANGES_2.4 for a complete change log.

Also fixed:

  • CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations (bsc#1193943)
  • CVE-2021-44790: Fixed buffer overflow when parsing multipart content in mod_lua (bsc#1193942)

Список пакетов

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure
apache2-2.4.51-3.37.1
apache2-prefork-2.4.51-3.37.1
apache2-utils-2.4.51-3.37.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM
apache2-2.4.51-3.37.1
apache2-prefork-2.4.51-3.37.1
apache2-utils-2.4.51-3.37.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE
apache2-2.4.51-3.37.1
apache2-prefork-2.4.51-3.37.1
apache2-utils-2.4.51-3.37.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
apache2-2.4.51-3.37.1
apache2-prefork-2.4.51-3.37.1
apache2-utils-2.4.51-3.37.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
apache2-2.4.51-3.37.1
apache2-prefork-2.4.51-3.37.1
apache2-utils-2.4.51-3.37.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
apache2-2.4.51-3.37.1
apache2-prefork-2.4.51-3.37.1
apache2-utils-2.4.51-3.37.1
Image SLES15-SP3-EC2-HVM
apache2-2.4.51-3.37.1
apache2-prefork-2.4.51-3.37.1
apache2-utils-2.4.51-3.37.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
apache2-2.4.51-3.37.1
apache2-prefork-2.4.51-3.37.1
apache2-utils-2.4.51-3.37.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
apache2-2.4.51-3.37.1
apache2-prefork-2.4.51-3.37.1
apache2-utils-2.4.51-3.37.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
apache2-2.4.51-3.37.1
apache2-prefork-2.4.51-3.37.1
apache2-utils-2.4.51-3.37.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
apache2-2.4.51-3.37.1
apache2-prefork-2.4.51-3.37.1
apache2-utils-2.4.51-3.37.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
apache2-2.4.51-3.37.1
apache2-prefork-2.4.51-3.37.1
apache2-utils-2.4.51-3.37.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
apache2-2.4.51-3.37.1
apache2-prefork-2.4.51-3.37.1
apache2-utils-2.4.51-3.37.1
Image SLES15-SP3-SAP-Azure
apache2-2.4.51-3.37.1
apache2-prefork-2.4.51-3.37.1
apache2-utils-2.4.51-3.37.1
Image SLES15-SP3-SAP-EC2-HVM
apache2-2.4.51-3.37.1
apache2-prefork-2.4.51-3.37.1
apache2-utils-2.4.51-3.37.1
Image SLES15-SP3-SAP-GCE
apache2-2.4.51-3.37.1
apache2-prefork-2.4.51-3.37.1
apache2-utils-2.4.51-3.37.1
Image SLES15-SP3-SAPCAL-Azure
apache2-2.4.51-3.37.1
apache2-prefork-2.4.51-3.37.1
apache2-utils-2.4.51-3.37.1
Image SLES15-SP3-SAPCAL-EC2-HVM
apache2-2.4.51-3.37.1
apache2-prefork-2.4.51-3.37.1
apache2-utils-2.4.51-3.37.1
Image SLES15-SP3-SAPCAL-GCE
apache2-2.4.51-3.37.1
apache2-prefork-2.4.51-3.37.1
apache2-utils-2.4.51-3.37.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
apache2-2.4.51-3.37.1
apache2-prefork-2.4.51-3.37.1
apache2-utils-2.4.51-3.37.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
apache2-2.4.51-3.37.1
apache2-prefork-2.4.51-3.37.1
apache2-utils-2.4.51-3.37.1
SUSE Linux Enterprise Module for Package Hub 15 SP3
apache2-event-2.4.51-3.37.1
SUSE Linux Enterprise Module for Server Applications 15 SP2
apache2-devel-2.4.51-3.37.1
apache2-doc-2.4.51-3.37.1
apache2-worker-2.4.51-3.37.1
SUSE Linux Enterprise Module for Server Applications 15 SP3
apache2-devel-2.4.51-3.37.1
apache2-doc-2.4.51-3.37.1
apache2-worker-2.4.51-3.37.1

Ссылки

Описание

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).

Затронутые продукты
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-2.4.51-3.37.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-prefork-2.4.51-3.37.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-utils-2.4.51-3.37.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM:apache2-2.4.51-3.37.1
Ссылки

Описание

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

Затронутые продукты
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-2.4.51-3.37.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-prefork-2.4.51-3.37.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-utils-2.4.51-3.37.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM:apache2-2.4.51-3.37.1
Ссылки
Уязвимость SUSE-SU-2022:0091-1