SUSE-SU-2023:0314-1

Опубликовано: 08 фев. 2023

Источник: suse-cvrf

Описание

Security update for apache2-mod_security2

This update for apache2-mod_security2 fixes the following issues:

CVE-2022-48279: Fixed a potential firewall bypass due to an incorrect parsing of HTTP multipart requests (bsc#1207378).

Список пакетов

SUSE Linux Enterprise Module for Server Applications 15 SP4

apache2-mod_security2-2.9.4-150400.3.3.1

openSUSE Leap 15.4

apache2-mod_security2-2.9.4-150400.3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20230314-1/
Link for SUSE-SU-2023:0314-1
https://lists.suse.com/pipermail/sle-security-updates/2023-February/013707.html
E-Mail link for SUSE-SU-2023:0314-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1207378
SUSE Bug 1207378
https://www.suse.com/security/cve/CVE-2022-48279/
SUSE CVE CVE-2022-48279 page

Описание

In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.

Затронутые продукты

SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_security2-2.9.4-150400.3.3.1

openSUSE Leap 15.4:apache2-mod_security2-2.9.4-150400.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-48279.html
CVE-2022-48279
https://bugzilla.suse.com/1207378
SUSE Bug 1207378

SUSE-SU-2023:0314-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Server Applications 15 SP4

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2022-48279

Описание

Затронутые продукты

Ссылки