Описание
Security update for apache2
This update for apache2 fixes the following issues:
- CVE-2024-38477: Fixed null pointer dereference in mod_proxy (bsc#1227270)
- CVE-2024-39573: Fixed potential SSRF in mod_rewrite (bsc#1227271)
Список пакетов
Container bci/php-apache:latest
apache2-2.4.58-150600.5.11.1
apache2-prefork-2.4.58-150600.5.11.1
Container suse/manager/5.0/x86_64/proxy-httpd:latest
apache2-2.4.58-150600.5.11.1
apache2-prefork-2.4.58-150600.5.11.1
Container suse/manager/5.0/x86_64/server:latest
apache2-2.4.58-150600.5.11.1
apache2-prefork-2.4.58-150600.5.11.1
Container suse/registry:latest
apache2-utils-2.4.58-150600.5.11.1
Image SLES15-SP6-SAP
apache2-2.4.58-150600.5.11.1
apache2-prefork-2.4.58-150600.5.11.1
Image SLES15-SP6-SAP-Azure
apache2-2.4.58-150600.5.11.1
apache2-prefork-2.4.58-150600.5.11.1
Image SLES15-SP6-SAP-EC2
apache2-2.4.58-150600.5.11.1
apache2-prefork-2.4.58-150600.5.11.1
Image SLES15-SP6-SAP-GCE
apache2-2.4.58-150600.5.11.1
apache2-prefork-2.4.58-150600.5.11.1
Image SLES15-SP6-SAPCAL
apache2-2.4.58-150600.5.11.1
apache2-prefork-2.4.58-150600.5.11.1
Image SLES15-SP6-SAPCAL-Azure
apache2-2.4.58-150600.5.11.1
apache2-prefork-2.4.58-150600.5.11.1
Image SLES15-SP6-SAPCAL-EC2
apache2-2.4.58-150600.5.11.1
apache2-prefork-2.4.58-150600.5.11.1
Image SLES15-SP6-SAPCAL-GCE
apache2-2.4.58-150600.5.11.1
apache2-prefork-2.4.58-150600.5.11.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
apache2-2.4.58-150600.5.11.1
apache2-prefork-2.4.58-150600.5.11.1
SUSE Linux Enterprise Module for Package Hub 15 SP6
apache2-event-2.4.58-150600.5.11.1
SUSE Linux Enterprise Module for Server Applications 15 SP6
apache2-devel-2.4.58-150600.5.11.1
apache2-utils-2.4.58-150600.5.11.1
apache2-worker-2.4.58-150600.5.11.1
openSUSE Leap 15.6
apache2-2.4.58-150600.5.11.1
apache2-devel-2.4.58-150600.5.11.1
apache2-event-2.4.58-150600.5.11.1
apache2-manual-2.4.58-150600.5.11.1
apache2-prefork-2.4.58-150600.5.11.1
apache2-utils-2.4.58-150600.5.11.1
apache2-worker-2.4.58-150600.5.11.1
Ссылки
- Link for SUSE-SU-2024:2405-1
- E-Mail link for SUSE-SU-2024:2405-1
- SUSE Security Ratings
- SUSE Bug 1227270
- SUSE Bug 1227271
- SUSE CVE CVE-2024-38477 page
- SUSE CVE CVE-2024-39573 page
Описание
null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Затронутые продукты
Container bci/php-apache:latest:apache2-2.4.58-150600.5.11.1
Container bci/php-apache:latest:apache2-prefork-2.4.58-150600.5.11.1
Container suse/manager/5.0/x86_64/proxy-httpd:latest:apache2-2.4.58-150600.5.11.1
Container suse/manager/5.0/x86_64/proxy-httpd:latest:apache2-prefork-2.4.58-150600.5.11.1
Ссылки
- CVE-2024-38477
- SUSE Bug 1227270
Описание
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Затронутые продукты
Container bci/php-apache:latest:apache2-2.4.58-150600.5.11.1
Container bci/php-apache:latest:apache2-prefork-2.4.58-150600.5.11.1
Container suse/manager/5.0/x86_64/proxy-httpd:latest:apache2-2.4.58-150600.5.11.1
Container suse/manager/5.0/x86_64/proxy-httpd:latest:apache2-prefork-2.4.58-150600.5.11.1
Ссылки
- CVE-2024-39573
- SUSE Bug 1227271