Description
Security update for apache2-mod_wsgi
This update for apache2-mod_wsgi fixes the following issues:
- CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass. (bsc#1201634)
Package list
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
SUSE Linux Enterprise Module for Public Cloud 15 SP1
apache2-mod_wsgi-4.5.18-150000.4.6.1
SUSE Linux Enterprise Module for Public Cloud 15 SP2
apache2-mod_wsgi-4.5.18-150000.4.6.1
SUSE Linux Enterprise Module for Public Cloud 15 SP3
apache2-mod_wsgi-4.5.18-150000.4.6.1
SUSE Linux Enterprise Module for Server Applications 15 SP3
apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
SUSE Linux Enterprise Module for Server Applications 15 SP4
apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
SUSE Manager Proxy Module 4.1
apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
SUSE Manager Proxy Module 4.2
apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
SUSE Manager Proxy Module 4.3
apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
openSUSE Leap 15.3
apache2-mod_wsgi-4.5.18-150000.4.6.1
apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
openSUSE Leap 15.4
apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
References
- Link for SUSE-SU-2022:4488-1
- E-Mail link for SUSE-SU-2022:4488-1
- SUSE Security Ratings
- SUSE Bug 1201634
- SUSE CVE CVE-2022-2255 page
Description
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.
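As a defense-in-depth illustration of the filtering rule described above, the following added example (not mod_wsgi's code and not part of the advisory) is a WSGI middleware that drops client-address headers unless the direct peer is a configured trusted proxy. The class and function names, the `10.0.0.0/8` proxy range, and the inclusion of `X-Forwarded-For` and `X-Real-IP` alongside `X-Client-IP` are assumptions made for the example.

```python
import ipaddress

# X-Client-IP is the header named in the advisory; the other two are
# assumptions, included because they carry the same kind of claim.
CLIENT_IP_KEYS = ("HTTP_X_CLIENT_IP", "HTTP_X_FORWARDED_FOR", "HTTP_X_REAL_IP")


class StripUntrustedClientIP:
    """Hypothetical WSGI middleware: keep client-IP headers only from trusted proxies."""

    def __init__(self, app, trusted_proxies):
        self.app = app
        self.trusted = [ipaddress.ip_network(n) for n in trusted_proxies]

    def _peer_is_trusted(self, environ):
        try:
            peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
        except ValueError:
            return False  # missing or malformed peer address: fail closed
        return any(peer in net for net in self.trusted)

    def __call__(self, environ, start_response):
        # The condition the advisory says was missing: remove the header
        # whenever the request did not arrive from a trusted proxy.
        if not self._peer_is_trusted(environ):
            for key in CLIENT_IP_KEYS:
                environ.pop(key, None)
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Constructed sample app: returns the client address it would believe."""
    seen = environ.get("HTTP_X_CLIENT_IP", environ.get("REMOTE_ADDR", ""))
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [seen.encode()]


def call(app, environ):
    """Invoke a WSGI app with a constructed environ and return the body text."""
    body = app(dict(environ), lambda status, headers: None)
    return b"".join(body).decode()


# Constructed configuration: only peers in 10.0.0.0/8 count as proxies.
wrapped = StripUntrustedClientIP(demo_app, ["10.0.0.0/8"])
```

Installing the fixed package remains the remedy; a wrapper like this only limits what the application trusts if the server-side filter is bypassed or misconfigured.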
Affected products
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure:apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM:apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE:apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
References
- CVE-2022-2255
- SUSE Bug 1201634