Описание
Security update for apache2
This update for apache2 fixes the following issues:
- CVE-2023-27522: Fixed HTTP response splitting in mod_proxy_uwsgi (bsc#1209049).
- CVE-2023-25690: Fixed HTTP request splitting with mod_rewrite and mod_proxy (bsc#1209047).
The following non-security bugs were fixed:
- Fixed mod_proxy handling of very long urls (bsc#1207327)
- Fixed passing health check does not recover worker from its error state (bsc#1208708).
Список пакетов
Container bci/php-apache:8
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Container bci/php-apache:latest
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Container suse/manager/4.3/proxy-httpd:latest
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Container suse/registry:latest
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP4-Manager-Server-4-3
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP4-SAP
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP4-SAP-Azure
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP4-SAP-EC2
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP4-SAP-GCE
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP4-SAPCAL
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP4-SAPCAL-Azure
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP4-SAPCAL-EC2
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP4-SAPCAL-GCE
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP5-SAP-Azure
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP5-SAP-EC2
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP5-SAP-GCE
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP5-SAPCAL-Azure
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP5-SAPCAL-EC2
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
Image SLES15-SP5-SAPCAL-GCE
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
apache2-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
SUSE Linux Enterprise Module for Package Hub 15 SP4
apache2-event-2.4.51-150400.6.11.1
SUSE Linux Enterprise Module for Server Applications 15 SP4
apache2-devel-2.4.51-150400.6.11.1
apache2-doc-2.4.51-150400.6.11.1
apache2-worker-2.4.51-150400.6.11.1
openSUSE Leap 15.4
apache2-2.4.51-150400.6.11.1
apache2-devel-2.4.51-150400.6.11.1
apache2-doc-2.4.51-150400.6.11.1
apache2-event-2.4.51-150400.6.11.1
apache2-example-pages-2.4.51-150400.6.11.1
apache2-prefork-2.4.51-150400.6.11.1
apache2-utils-2.4.51-150400.6.11.1
apache2-worker-2.4.51-150400.6.11.1
Ссылки
- Link for SUSE-SU-2023:1658-1
- E-Mail link for SUSE-SU-2023:1658-1
- SUSE Security Ratings
- SUSE Bug 1207327
- SUSE Bug 1208708
- SUSE Bug 1209047
- SUSE Bug 1209049
- SUSE CVE CVE-2023-25690 page
- SUSE CVE CVE-2023-27522 page
Описание
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
Затронутые продукты
Container bci/php-apache:8:apache2-2.4.51-150400.6.11.1
Container bci/php-apache:8:apache2-prefork-2.4.51-150400.6.11.1
Container bci/php-apache:8:apache2-utils-2.4.51-150400.6.11.1
Container bci/php-apache:latest:apache2-2.4.51-150400.6.11.1
Ссылки
- CVE-2023-25690
- SUSE Bug 1209047
- SUSE Bug 1212409
- SUSE Bug 1212865
Описание
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.
Затронутые продукты
Container bci/php-apache:8:apache2-2.4.51-150400.6.11.1
Container bci/php-apache:8:apache2-prefork-2.4.51-150400.6.11.1
Container bci/php-apache:8:apache2-utils-2.4.51-150400.6.11.1
Container bci/php-apache:latest:apache2-2.4.51-150400.6.11.1
Ссылки
- CVE-2023-27522
- SUSE Bug 1209049