
SUSE-SU-2022:4010-1

Published: 16 Nov 2022
Source: suse-cvrf

Description

Security update for apache2-mod_wsgi

This update for apache2-mod_wsgi fixes the following issues:

  • CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass. (bsc#1201634)

Package list

Container suse/manager/4.3/proxy-httpd:latest
apache2-mod_wsgi-4.7.1-150400.3.3.1
Container suse/manager/5.0/x86_64/proxy-httpd:latest
apache2-mod_wsgi-4.7.1-150400.3.3.1
Container suse/manager/5.0/x86_64/server:latest
apache2-mod_wsgi-4.7.1-150400.3.3.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
apache2-mod_wsgi-4.7.1-150400.3.3.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
apache2-mod_wsgi-4.7.1-150400.3.3.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
apache2-mod_wsgi-4.7.1-150400.3.3.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
apache2-mod_wsgi-4.7.1-150400.3.3.1
Image SLES15-SP4-Manager-Server-4-3
apache2-mod_wsgi-4.7.1-150400.3.3.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
apache2-mod_wsgi-4.7.1-150400.3.3.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
apache2-mod_wsgi-4.7.1-150400.3.3.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
apache2-mod_wsgi-4.7.1-150400.3.3.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
apache2-mod_wsgi-4.7.1-150400.3.3.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
apache2-mod_wsgi-4.7.1-150400.3.3.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
apache2-mod_wsgi-4.7.1-150400.3.3.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
apache2-mod_wsgi-4.7.1-150400.3.3.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
apache2-mod_wsgi-4.7.1-150400.3.3.1
Image proxy-httpd-image
apache2-mod_wsgi-4.7.1-150400.3.3.1
Image server-image
apache2-mod_wsgi-4.7.1-150400.3.3.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4
apache2-mod_wsgi-4.7.1-150400.3.3.1
openSUSE Leap 15.4
apache2-mod_wsgi-4.7.1-150400.3.3.1

Description

A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.


Affected products
Container suse/manager/4.3/proxy-httpd:latest:apache2-mod_wsgi-4.7.1-150400.3.3.1
Container suse/manager/5.0/x86_64/proxy-httpd:latest:apache2-mod_wsgi-4.7.1-150400.3.3.1
Container suse/manager/5.0/x86_64/server:latest:apache2-mod_wsgi-4.7.1-150400.3.3.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure:apache2-mod_wsgi-4.7.1-150400.3.3.1

References
Vulnerability SUSE-SU-2022:4010-1