SUSE-SU-2023:0322-1

Published: 08 Feb 2023
Source: suse-cvrf

Description

Security update for apache2

This update for apache2 fixes the following issues:

  • CVE-2022-37436: Fixed an issue in mod_proxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body (bsc#1207251).
  • CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow request smuggling attacks (bsc#1207250).
  • CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request header could cause memory corruption (bsc#1207247).

Package list

Container bci/php-apache:8
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Container bci/php-apache:latest
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Container suse/manager/4.3/proxy-httpd:latest
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Container suse/registry:latest
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP4-Manager-Server-4-3
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP4-SAP
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP4-SAP-Azure
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP4-SAP-EC2
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP4-SAP-GCE
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP4-SAPCAL
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP4-SAPCAL-Azure
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP4-SAPCAL-EC2
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP4-SAPCAL-GCE
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP5-SAP-Azure
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP5-SAP-EC2
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP5-SAP-GCE
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP5-SAPCAL-Azure
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP5-SAPCAL-EC2
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
Image SLES15-SP5-SAPCAL-GCE
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
apache2-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
SUSE Linux Enterprise Module for Package Hub 15 SP4
apache2-event-2.4.51-150400.6.6.1
SUSE Linux Enterprise Module for Server Applications 15 SP4
apache2-devel-2.4.51-150400.6.6.1
apache2-doc-2.4.51-150400.6.6.1
apache2-worker-2.4.51-150400.6.6.1
openSUSE Leap 15.4
apache2-2.4.51-150400.6.6.1
apache2-devel-2.4.51-150400.6.6.1
apache2-doc-2.4.51-150400.6.6.1
apache2-event-2.4.51-150400.6.6.1
apache2-example-pages-2.4.51-150400.6.6.1
apache2-prefork-2.4.51-150400.6.6.1
apache2-utils-2.4.51-150400.6.6.1
apache2-worker-2.4.51-150400.6.6.1

Description

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.


Affected products
Container bci/php-apache:8:apache2-2.4.51-150400.6.6.1
Container bci/php-apache:8:apache2-prefork-2.4.51-150400.6.6.1
Container bci/php-apache:8:apache2-utils-2.4.51-150400.6.6.1
Container bci/php-apache:latest:apache2-2.4.51-150400.6.6.1


Description

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.54 and prior versions.


Affected products
Container bci/php-apache:8:apache2-2.4.51-150400.6.6.1
Container bci/php-apache:8:apache2-prefork-2.4.51-150400.6.6.1
Container bci/php-apache:8:apache2-utils-2.4.51-150400.6.6.1
Container bci/php-apache:latest:apache2-2.4.51-150400.6.6.1


Description

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.


Affected products
Container bci/php-apache:8:apache2-2.4.51-150400.6.6.1
Container bci/php-apache:8:apache2-prefork-2.4.51-150400.6.6.1
Container bci/php-apache:8:apache2-utils-2.4.51-150400.6.6.1
Container bci/php-apache:latest:apache2-2.4.51-150400.6.6.1
