Описание
Security update for apache2-mod_security2
This update for apache2-mod_security2 fixes the following issues:
- CVE-2022-48279: Fixed a potential firewall bypass due to an incorrect parsing of HTTP multipart requests (bsc#1207378).
Список пакетов
SUSE Enterprise Storage 6
apache2-mod_security2-2.9.2-150000.3.6.1
SUSE Enterprise Storage 7
apache2-mod_security2-2.9.2-150000.3.6.1
SUSE Enterprise Storage 7.1
apache2-mod_security2-2.9.2-150000.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
apache2-mod_security2-2.9.2-150000.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
apache2-mod_security2-2.9.2-150000.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
apache2-mod_security2-2.9.2-150000.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
apache2-mod_security2-2.9.2-150000.3.6.1
SUSE Linux Enterprise Real Time 15 SP3
apache2-mod_security2-2.9.2-150000.3.6.1
SUSE Linux Enterprise Server 15 SP1-LTSS
apache2-mod_security2-2.9.2-150000.3.6.1
SUSE Linux Enterprise Server 15 SP2-LTSS
apache2-mod_security2-2.9.2-150000.3.6.1
SUSE Linux Enterprise Server 15 SP3-LTSS
apache2-mod_security2-2.9.2-150000.3.6.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
apache2-mod_security2-2.9.2-150000.3.6.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
apache2-mod_security2-2.9.2-150000.3.6.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
apache2-mod_security2-2.9.2-150000.3.6.1
SUSE Manager Proxy 4.2
apache2-mod_security2-2.9.2-150000.3.6.1
SUSE Manager Retail Branch Server 4.2
apache2-mod_security2-2.9.2-150000.3.6.1
SUSE Manager Server 4.2
apache2-mod_security2-2.9.2-150000.3.6.1
Ссылки
- Link for SUSE-SU-2023:0317-1
- E-Mail link for SUSE-SU-2023:0317-1
- SUSE Security Ratings
- SUSE Bug 1207378
- SUSE CVE CVE-2022-48279 page
Описание
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.
Затронутые продукты
SUSE Enterprise Storage 6:apache2-mod_security2-2.9.2-150000.3.6.1
SUSE Enterprise Storage 7.1:apache2-mod_security2-2.9.2-150000.3.6.1
SUSE Enterprise Storage 7:apache2-mod_security2-2.9.2-150000.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:apache2-mod_security2-2.9.2-150000.3.6.1
Ссылки
- CVE-2022-48279
- SUSE Bug 1207378