Описание
Security update for apache2
This update for apache2 fixes the following issues:
- CVE-2022-23943: heap out-of-bounds write in mod_sed (bsc#1197098).
- CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095).
- CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua (bsc#1197091).
- CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096).
Список пакетов
HPE Helion OpenStack 8
apache2-2.4.23-29.88.1
apache2-doc-2.4.23-29.88.1
apache2-example-pages-2.4.23-29.88.1
apache2-prefork-2.4.23-29.88.1
apache2-utils-2.4.23-29.88.1
apache2-worker-2.4.23-29.88.1
SUSE Linux Enterprise Server 12 SP2-BCL
apache2-2.4.23-29.88.1
apache2-doc-2.4.23-29.88.1
apache2-example-pages-2.4.23-29.88.1
apache2-prefork-2.4.23-29.88.1
apache2-utils-2.4.23-29.88.1
apache2-worker-2.4.23-29.88.1
SUSE Linux Enterprise Server 12 SP3-BCL
apache2-2.4.23-29.88.1
apache2-doc-2.4.23-29.88.1
apache2-example-pages-2.4.23-29.88.1
apache2-prefork-2.4.23-29.88.1
apache2-utils-2.4.23-29.88.1
apache2-worker-2.4.23-29.88.1
SUSE Linux Enterprise Server 12 SP3-LTSS
apache2-2.4.23-29.88.1
apache2-doc-2.4.23-29.88.1
apache2-example-pages-2.4.23-29.88.1
apache2-prefork-2.4.23-29.88.1
apache2-utils-2.4.23-29.88.1
apache2-worker-2.4.23-29.88.1
SUSE Linux Enterprise Server 12 SP4-LTSS
apache2-2.4.23-29.88.1
apache2-doc-2.4.23-29.88.1
apache2-example-pages-2.4.23-29.88.1
apache2-prefork-2.4.23-29.88.1
apache2-utils-2.4.23-29.88.1
apache2-worker-2.4.23-29.88.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
apache2-2.4.23-29.88.1
apache2-doc-2.4.23-29.88.1
apache2-example-pages-2.4.23-29.88.1
apache2-prefork-2.4.23-29.88.1
apache2-utils-2.4.23-29.88.1
apache2-worker-2.4.23-29.88.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
apache2-2.4.23-29.88.1
apache2-doc-2.4.23-29.88.1
apache2-example-pages-2.4.23-29.88.1
apache2-prefork-2.4.23-29.88.1
apache2-utils-2.4.23-29.88.1
apache2-worker-2.4.23-29.88.1
SUSE OpenStack Cloud 8
apache2-2.4.23-29.88.1
apache2-doc-2.4.23-29.88.1
apache2-example-pages-2.4.23-29.88.1
apache2-prefork-2.4.23-29.88.1
apache2-utils-2.4.23-29.88.1
apache2-worker-2.4.23-29.88.1
SUSE OpenStack Cloud 9
apache2-2.4.23-29.88.1
apache2-doc-2.4.23-29.88.1
apache2-example-pages-2.4.23-29.88.1
apache2-prefork-2.4.23-29.88.1
apache2-utils-2.4.23-29.88.1
apache2-worker-2.4.23-29.88.1
SUSE OpenStack Cloud Crowbar 8
apache2-2.4.23-29.88.1
apache2-doc-2.4.23-29.88.1
apache2-example-pages-2.4.23-29.88.1
apache2-prefork-2.4.23-29.88.1
apache2-utils-2.4.23-29.88.1
apache2-worker-2.4.23-29.88.1
SUSE OpenStack Cloud Crowbar 9
apache2-2.4.23-29.88.1
apache2-doc-2.4.23-29.88.1
apache2-example-pages-2.4.23-29.88.1
apache2-prefork-2.4.23-29.88.1
apache2-utils-2.4.23-29.88.1
apache2-worker-2.4.23-29.88.1
Ссылки
- Link for SUSE-SU-2022:0918-1
- E-Mail link for SUSE-SU-2022:0918-1
- SUSE Security Ratings
- SUSE Bug 1197091
- SUSE Bug 1197095
- SUSE Bug 1197096
- SUSE Bug 1197098
- SUSE CVE CVE-2022-22719 page
- SUSE CVE CVE-2022-22720 page
- SUSE CVE CVE-2022-22721 page
- SUSE CVE CVE-2022-23943 page
Описание
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.
Затронутые продукты
HPE Helion OpenStack 8:apache2-2.4.23-29.88.1
HPE Helion OpenStack 8:apache2-doc-2.4.23-29.88.1
HPE Helion OpenStack 8:apache2-example-pages-2.4.23-29.88.1
HPE Helion OpenStack 8:apache2-prefork-2.4.23-29.88.1
Ссылки
- CVE-2022-22719
- SUSE Bug 1197091
- SUSE Bug 1198430
Описание
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
Затронутые продукты
HPE Helion OpenStack 8:apache2-2.4.23-29.88.1
HPE Helion OpenStack 8:apache2-doc-2.4.23-29.88.1
HPE Helion OpenStack 8:apache2-example-pages-2.4.23-29.88.1
HPE Helion OpenStack 8:apache2-prefork-2.4.23-29.88.1
Ссылки
- CVE-2022-22720
- SUSE Bug 1197095
- SUSE Bug 1198430
- SUSE Bug 1198998
- SUSE Bug 1199102
- SUSE Bug 1199495
- SUSE Bug 1204730
- SUSE Bug 1225670
Описание
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
Затронутые продукты
HPE Helion OpenStack 8:apache2-2.4.23-29.88.1
HPE Helion OpenStack 8:apache2-doc-2.4.23-29.88.1
HPE Helion OpenStack 8:apache2-example-pages-2.4.23-29.88.1
HPE Helion OpenStack 8:apache2-prefork-2.4.23-29.88.1
Ссылки
- CVE-2022-22721
- SUSE Bug 1197096
- SUSE Bug 1198430
Описание
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
Затронутые продукты
HPE Helion OpenStack 8:apache2-2.4.23-29.88.1
HPE Helion OpenStack 8:apache2-doc-2.4.23-29.88.1
HPE Helion OpenStack 8:apache2-example-pages-2.4.23-29.88.1
HPE Helion OpenStack 8:apache2-prefork-2.4.23-29.88.1
Ссылки
- CVE-2022-23943
- SUSE Bug 1197098
- SUSE Bug 1198430
- SUSE Bug 1200351
- SUSE Bug 1219585