Описание
Security update for apache2
This update for apache2 fixes the following issues:
- CVE-2022-23943: heap out-of-bounds write in mod_sed (bsc#1197098).
- CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095).
- CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua (bsc#1197091).
- CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096).
Список пакетов
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure
apache2-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM
apache2-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE
apache2-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
apache2-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
apache2-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
apache2-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
Image SLES15-SP3-EC2-HVM
apache2-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
apache2-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
apache2-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
apache2-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
apache2-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
apache2-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
apache2-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
Image SLES15-SP3-SAP-Azure
apache2-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
Image SLES15-SP3-SAP-EC2-HVM
apache2-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
Image SLES15-SP3-SAP-GCE
apache2-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
Image SLES15-SP3-SAPCAL-Azure
apache2-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
Image SLES15-SP3-SAPCAL-EC2-HVM
apache2-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
Image SLES15-SP3-SAPCAL-GCE
apache2-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
SUSE Enterprise Storage 7
apache2-2.4.51-150200.3.42.1
apache2-devel-2.4.51-150200.3.42.1
apache2-doc-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
apache2-worker-2.4.51-150200.3.42.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
apache2-2.4.51-150200.3.42.1
apache2-devel-2.4.51-150200.3.42.1
apache2-doc-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
apache2-worker-2.4.51-150200.3.42.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
apache2-2.4.51-150200.3.42.1
apache2-devel-2.4.51-150200.3.42.1
apache2-doc-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
apache2-worker-2.4.51-150200.3.42.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
apache2-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
SUSE Linux Enterprise Module for Package Hub 15 SP3
apache2-event-2.4.51-150200.3.42.1
SUSE Linux Enterprise Module for Server Applications 15 SP3
apache2-devel-2.4.51-150200.3.42.1
apache2-doc-2.4.51-150200.3.42.1
apache2-worker-2.4.51-150200.3.42.1
SUSE Linux Enterprise Real Time 15 SP2
apache2-2.4.51-150200.3.42.1
apache2-devel-2.4.51-150200.3.42.1
apache2-doc-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
apache2-worker-2.4.51-150200.3.42.1
SUSE Linux Enterprise Server 15 SP2-BCL
apache2-2.4.51-150200.3.42.1
apache2-devel-2.4.51-150200.3.42.1
apache2-doc-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
apache2-worker-2.4.51-150200.3.42.1
SUSE Linux Enterprise Server 15 SP2-LTSS
apache2-2.4.51-150200.3.42.1
apache2-devel-2.4.51-150200.3.42.1
apache2-doc-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
apache2-worker-2.4.51-150200.3.42.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
apache2-2.4.51-150200.3.42.1
apache2-devel-2.4.51-150200.3.42.1
apache2-doc-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
apache2-worker-2.4.51-150200.3.42.1
SUSE Manager Proxy 4.1
apache2-2.4.51-150200.3.42.1
apache2-devel-2.4.51-150200.3.42.1
apache2-doc-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
apache2-worker-2.4.51-150200.3.42.1
SUSE Manager Retail Branch Server 4.1
apache2-2.4.51-150200.3.42.1
apache2-devel-2.4.51-150200.3.42.1
apache2-doc-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
apache2-worker-2.4.51-150200.3.42.1
SUSE Manager Server 4.1
apache2-2.4.51-150200.3.42.1
apache2-devel-2.4.51-150200.3.42.1
apache2-doc-2.4.51-150200.3.42.1
apache2-prefork-2.4.51-150200.3.42.1
apache2-utils-2.4.51-150200.3.42.1
apache2-worker-2.4.51-150200.3.42.1
Ссылки
- Link for SUSE-SU-2022:1031-1
- E-Mail link for SUSE-SU-2022:1031-1
- SUSE Security Ratings
- SUSE Bug 1197091
- SUSE Bug 1197095
- SUSE Bug 1197096
- SUSE Bug 1197098
- SUSE CVE CVE-2022-22719 page
- SUSE CVE CVE-2022-22720 page
- SUSE CVE CVE-2022-22721 page
- SUSE CVE CVE-2022-23943 page
Описание
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.
Затронутые продукты
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-2.4.51-150200.3.42.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-prefork-2.4.51-150200.3.42.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-utils-2.4.51-150200.3.42.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM:apache2-2.4.51-150200.3.42.1
Ссылки
- CVE-2022-22719
- SUSE Bug 1197091
- SUSE Bug 1198430
Описание
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
Затронутые продукты
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-2.4.51-150200.3.42.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-prefork-2.4.51-150200.3.42.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-utils-2.4.51-150200.3.42.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM:apache2-2.4.51-150200.3.42.1
Ссылки
- CVE-2022-22720
- SUSE Bug 1197095
- SUSE Bug 1198430
- SUSE Bug 1198998
- SUSE Bug 1199102
- SUSE Bug 1199495
- SUSE Bug 1204730
- SUSE Bug 1225670
Описание
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
Затронутые продукты
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-2.4.51-150200.3.42.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-prefork-2.4.51-150200.3.42.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-utils-2.4.51-150200.3.42.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM:apache2-2.4.51-150200.3.42.1
Ссылки
- CVE-2022-22721
- SUSE Bug 1197096
- SUSE Bug 1198430
Описание
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
Затронутые продукты
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-2.4.51-150200.3.42.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-prefork-2.4.51-150200.3.42.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-utils-2.4.51-150200.3.42.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM:apache2-2.4.51-150200.3.42.1
Ссылки
- CVE-2022-23943
- SUSE Bug 1197098
- SUSE Bug 1198430
- SUSE Bug 1200351
- SUSE Bug 1219585