Описание
Security update for apache2-mod_security2
This update for apache2-mod_security2 fixes the following issues:
- CVE-2022-48279: Fixed a potential firewall bypass due to an incorrect parsing of HTTP multipart requests (bsc#1207378).
Список пакетов
SUSE Linux Enterprise Server 12 SP2-BCL
apache2-mod_security2-2.8.0-7.6.1
SUSE Linux Enterprise Server 12 SP4-LTSS
apache2-mod_security2-2.8.0-7.6.1
SUSE Linux Enterprise Server 12 SP5
apache2-mod_security2-2.8.0-7.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
apache2-mod_security2-2.8.0-7.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
apache2-mod_security2-2.8.0-7.6.1
SUSE OpenStack Cloud 9
apache2-mod_security2-2.8.0-7.6.1
SUSE OpenStack Cloud Crowbar 9
apache2-mod_security2-2.8.0-7.6.1
Ссылки
- Link for SUSE-SU-2023:0318-1
- E-Mail link for SUSE-SU-2023:0318-1
- SUSE Security Ratings
- SUSE Bug 1207378
- SUSE CVE CVE-2022-48279 page
Описание
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:apache2-mod_security2-2.8.0-7.6.1
SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-mod_security2-2.8.0-7.6.1
SUSE Linux Enterprise Server 12 SP5:apache2-mod_security2-2.8.0-7.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-mod_security2-2.8.0-7.6.1
Ссылки
- CVE-2022-48279
- SUSE Bug 1207378