SUSE-SU-2022:0119-1

Опубликовано: 18 янв. 2022

Источник: suse-cvrf

Описание

Security update for apache2

This update for apache2 fixes the following issues:

CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations. (bsc#1193943)
CVE-2021-44790: Fixed buffer overflow when parsing multipart content in mod_lua. (bsc#1193942)

Список пакетов

Image SLES15-SP1-SAPCAL-Azure

apache2-2.4.33-3.61.1

apache2-prefork-2.4.33-3.61.1

apache2-utils-2.4.33-3.61.1

Image SLES15-SP1-SAPCAL-EC2-HVM

apache2-2.4.33-3.61.1

apache2-prefork-2.4.33-3.61.1

apache2-utils-2.4.33-3.61.1

Image SLES15-SP1-SAPCAL-GCE

apache2-2.4.33-3.61.1

apache2-prefork-2.4.33-3.61.1

apache2-utils-2.4.33-3.61.1

SUSE Enterprise Storage 6

apache2-2.4.33-3.61.1

apache2-devel-2.4.33-3.61.1

apache2-doc-2.4.33-3.61.1

apache2-prefork-2.4.33-3.61.1

apache2-utils-2.4.33-3.61.1

apache2-worker-2.4.33-3.61.1

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

apache2-2.4.33-3.61.1

apache2-devel-2.4.33-3.61.1

apache2-doc-2.4.33-3.61.1

apache2-prefork-2.4.33-3.61.1

apache2-utils-2.4.33-3.61.1

apache2-worker-2.4.33-3.61.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

apache2-2.4.33-3.61.1

apache2-devel-2.4.33-3.61.1

apache2-doc-2.4.33-3.61.1

apache2-prefork-2.4.33-3.61.1

apache2-utils-2.4.33-3.61.1

apache2-worker-2.4.33-3.61.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS

apache2-2.4.33-3.61.1

apache2-devel-2.4.33-3.61.1

apache2-doc-2.4.33-3.61.1

apache2-prefork-2.4.33-3.61.1

apache2-utils-2.4.33-3.61.1

apache2-worker-2.4.33-3.61.1

SUSE Linux Enterprise High Performance Computing 15-LTSS

apache2-2.4.33-3.61.1

apache2-devel-2.4.33-3.61.1

apache2-doc-2.4.33-3.61.1

apache2-prefork-2.4.33-3.61.1

apache2-utils-2.4.33-3.61.1

apache2-worker-2.4.33-3.61.1

SUSE Linux Enterprise Server 15 SP1-BCL

apache2-2.4.33-3.61.1

apache2-devel-2.4.33-3.61.1

apache2-doc-2.4.33-3.61.1

apache2-prefork-2.4.33-3.61.1

apache2-utils-2.4.33-3.61.1

apache2-worker-2.4.33-3.61.1

SUSE Linux Enterprise Server 15 SP1-LTSS

apache2-2.4.33-3.61.1

apache2-devel-2.4.33-3.61.1

apache2-doc-2.4.33-3.61.1

apache2-prefork-2.4.33-3.61.1

apache2-utils-2.4.33-3.61.1

apache2-worker-2.4.33-3.61.1

SUSE Linux Enterprise Server 15-LTSS

apache2-2.4.33-3.61.1

apache2-devel-2.4.33-3.61.1

apache2-doc-2.4.33-3.61.1

apache2-prefork-2.4.33-3.61.1

apache2-utils-2.4.33-3.61.1

apache2-worker-2.4.33-3.61.1

SUSE Linux Enterprise Server for SAP Applications 15

apache2-2.4.33-3.61.1

apache2-devel-2.4.33-3.61.1

apache2-doc-2.4.33-3.61.1

apache2-prefork-2.4.33-3.61.1

apache2-utils-2.4.33-3.61.1

apache2-worker-2.4.33-3.61.1

SUSE Linux Enterprise Server for SAP Applications 15 SP1

apache2-2.4.33-3.61.1

apache2-devel-2.4.33-3.61.1

apache2-doc-2.4.33-3.61.1

apache2-prefork-2.4.33-3.61.1

apache2-utils-2.4.33-3.61.1

apache2-worker-2.4.33-3.61.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20220119-1/
Link for SUSE-SU-2022:0119-1
https://lists.suse.com/pipermail/sle-security-updates/2022-January/010025.html
E-Mail link for SUSE-SU-2022:0119-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1193942
SUSE Bug 1193942
https://bugzilla.suse.com/1193943
SUSE Bug 1193943
https://www.suse.com/security/cve/CVE-2021-44224/
SUSE CVE CVE-2021-44224 page
https://www.suse.com/security/cve/CVE-2021-44790/
SUSE CVE CVE-2021-44790 page

Описание

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).

Затронутые продукты

Image SLES15-SP1-SAPCAL-Azure:apache2-2.4.33-3.61.1

Image SLES15-SP1-SAPCAL-Azure:apache2-prefork-2.4.33-3.61.1

Image SLES15-SP1-SAPCAL-Azure:apache2-utils-2.4.33-3.61.1

Image SLES15-SP1-SAPCAL-EC2-HVM:apache2-2.4.33-3.61.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-44224.html
CVE-2021-44224
https://bugzilla.suse.com/1193943
SUSE Bug 1193943

Описание

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

Затронутые продукты

Image SLES15-SP1-SAPCAL-Azure:apache2-2.4.33-3.61.1

Image SLES15-SP1-SAPCAL-Azure:apache2-prefork-2.4.33-3.61.1

Image SLES15-SP1-SAPCAL-Azure:apache2-utils-2.4.33-3.61.1

Image SLES15-SP1-SAPCAL-EC2-HVM:apache2-2.4.33-3.61.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-44790.html
CVE-2021-44790
https://bugzilla.suse.com/1193942
SUSE Bug 1193942
https://bugzilla.suse.com/1204730
SUSE Bug 1204730

SUSE-SU-2022:0119-1

Описание

Список пакетов

Image SLES15-SP1-SAPCAL-Azure

Image SLES15-SP1-SAPCAL-EC2-HVM

Image SLES15-SP1-SAPCAL-GCE

SUSE Enterprise Storage 6

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise Server 15 SP1-BCL

SUSE Linux Enterprise Server 15 SP1-LTSS

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Server for SAP Applications 15

SUSE Linux Enterprise Server for SAP Applications 15 SP1

Ссылки

Уязвимость: CVE-2021-44224

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2021-44790

Описание

Затронутые продукты

Ссылки