Описание
Security update for apache2
This update for apache2 fixes the following issues:
- CVE-2022-23943: heap out-of-bounds write in mod_sed (bsc#1197098).
- CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095).
- CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua (bsc#1197091).
- CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096).
Список пакетов
Image SLES15-SP1-SAPCAL-Azure
apache2-2.4.33-150000.3.66.1
apache2-prefork-2.4.33-150000.3.66.1
apache2-utils-2.4.33-150000.3.66.1
Image SLES15-SP1-SAPCAL-EC2-HVM
apache2-2.4.33-150000.3.66.1
apache2-prefork-2.4.33-150000.3.66.1
apache2-utils-2.4.33-150000.3.66.1
Image SLES15-SP1-SAPCAL-GCE
apache2-2.4.33-150000.3.66.1
apache2-prefork-2.4.33-150000.3.66.1
apache2-utils-2.4.33-150000.3.66.1
SUSE Enterprise Storage 6
apache2-2.4.33-150000.3.66.1
apache2-devel-2.4.33-150000.3.66.1
apache2-doc-2.4.33-150000.3.66.1
apache2-prefork-2.4.33-150000.3.66.1
apache2-utils-2.4.33-150000.3.66.1
apache2-worker-2.4.33-150000.3.66.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
apache2-2.4.33-150000.3.66.1
apache2-devel-2.4.33-150000.3.66.1
apache2-doc-2.4.33-150000.3.66.1
apache2-prefork-2.4.33-150000.3.66.1
apache2-utils-2.4.33-150000.3.66.1
apache2-worker-2.4.33-150000.3.66.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
apache2-2.4.33-150000.3.66.1
apache2-devel-2.4.33-150000.3.66.1
apache2-doc-2.4.33-150000.3.66.1
apache2-prefork-2.4.33-150000.3.66.1
apache2-utils-2.4.33-150000.3.66.1
apache2-worker-2.4.33-150000.3.66.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
apache2-2.4.33-150000.3.66.1
apache2-devel-2.4.33-150000.3.66.1
apache2-doc-2.4.33-150000.3.66.1
apache2-prefork-2.4.33-150000.3.66.1
apache2-utils-2.4.33-150000.3.66.1
apache2-worker-2.4.33-150000.3.66.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
apache2-2.4.33-150000.3.66.1
apache2-devel-2.4.33-150000.3.66.1
apache2-doc-2.4.33-150000.3.66.1
apache2-prefork-2.4.33-150000.3.66.1
apache2-utils-2.4.33-150000.3.66.1
apache2-worker-2.4.33-150000.3.66.1
SUSE Linux Enterprise Server 15 SP1-BCL
apache2-2.4.33-150000.3.66.1
apache2-devel-2.4.33-150000.3.66.1
apache2-doc-2.4.33-150000.3.66.1
apache2-prefork-2.4.33-150000.3.66.1
apache2-utils-2.4.33-150000.3.66.1
apache2-worker-2.4.33-150000.3.66.1
SUSE Linux Enterprise Server 15 SP1-LTSS
apache2-2.4.33-150000.3.66.1
apache2-devel-2.4.33-150000.3.66.1
apache2-doc-2.4.33-150000.3.66.1
apache2-prefork-2.4.33-150000.3.66.1
apache2-utils-2.4.33-150000.3.66.1
apache2-worker-2.4.33-150000.3.66.1
SUSE Linux Enterprise Server 15-LTSS
apache2-2.4.33-150000.3.66.1
apache2-devel-2.4.33-150000.3.66.1
apache2-doc-2.4.33-150000.3.66.1
apache2-prefork-2.4.33-150000.3.66.1
apache2-utils-2.4.33-150000.3.66.1
apache2-worker-2.4.33-150000.3.66.1
SUSE Linux Enterprise Server for SAP Applications 15
apache2-2.4.33-150000.3.66.1
apache2-devel-2.4.33-150000.3.66.1
apache2-doc-2.4.33-150000.3.66.1
apache2-prefork-2.4.33-150000.3.66.1
apache2-utils-2.4.33-150000.3.66.1
apache2-worker-2.4.33-150000.3.66.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
apache2-2.4.33-150000.3.66.1
apache2-devel-2.4.33-150000.3.66.1
apache2-doc-2.4.33-150000.3.66.1
apache2-prefork-2.4.33-150000.3.66.1
apache2-utils-2.4.33-150000.3.66.1
apache2-worker-2.4.33-150000.3.66.1
Ссылки
- Link for SUSE-SU-2022:0929-1
- E-Mail link for SUSE-SU-2022:0929-1
- SUSE Security Ratings
- SUSE Bug 1197091
- SUSE Bug 1197095
- SUSE Bug 1197096
- SUSE Bug 1197098
- SUSE CVE CVE-2022-22719 page
- SUSE CVE CVE-2022-22720 page
- SUSE CVE CVE-2022-22721 page
- SUSE CVE CVE-2022-23943 page
Описание
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.
Затронутые продукты
Image SLES15-SP1-SAPCAL-Azure:apache2-2.4.33-150000.3.66.1
Image SLES15-SP1-SAPCAL-Azure:apache2-prefork-2.4.33-150000.3.66.1
Image SLES15-SP1-SAPCAL-Azure:apache2-utils-2.4.33-150000.3.66.1
Image SLES15-SP1-SAPCAL-EC2-HVM:apache2-2.4.33-150000.3.66.1
Ссылки
- CVE-2022-22719
- SUSE Bug 1197091
- SUSE Bug 1198430
Описание
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
Затронутые продукты
Image SLES15-SP1-SAPCAL-Azure:apache2-2.4.33-150000.3.66.1
Image SLES15-SP1-SAPCAL-Azure:apache2-prefork-2.4.33-150000.3.66.1
Image SLES15-SP1-SAPCAL-Azure:apache2-utils-2.4.33-150000.3.66.1
Image SLES15-SP1-SAPCAL-EC2-HVM:apache2-2.4.33-150000.3.66.1
Ссылки
- CVE-2022-22720
- SUSE Bug 1197095
- SUSE Bug 1198430
- SUSE Bug 1198998
- SUSE Bug 1199102
- SUSE Bug 1199495
- SUSE Bug 1204730
- SUSE Bug 1225670
Описание
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
Затронутые продукты
Image SLES15-SP1-SAPCAL-Azure:apache2-2.4.33-150000.3.66.1
Image SLES15-SP1-SAPCAL-Azure:apache2-prefork-2.4.33-150000.3.66.1
Image SLES15-SP1-SAPCAL-Azure:apache2-utils-2.4.33-150000.3.66.1
Image SLES15-SP1-SAPCAL-EC2-HVM:apache2-2.4.33-150000.3.66.1
Ссылки
- CVE-2022-22721
- SUSE Bug 1197096
- SUSE Bug 1198430
Описание
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
Затронутые продукты
Image SLES15-SP1-SAPCAL-Azure:apache2-2.4.33-150000.3.66.1
Image SLES15-SP1-SAPCAL-Azure:apache2-prefork-2.4.33-150000.3.66.1
Image SLES15-SP1-SAPCAL-Azure:apache2-utils-2.4.33-150000.3.66.1
Image SLES15-SP1-SAPCAL-EC2-HVM:apache2-2.4.33-150000.3.66.1
Ссылки
- CVE-2022-23943
- SUSE Bug 1197098
- SUSE Bug 1198430
- SUSE Bug 1200351
- SUSE Bug 1219585