Описание
Security update for apache2
This update for apache2 fixes the following issues:
- CVE-2024-38475: Fixed improper escaping of output in mod_rewrite (bsc#1227268)
- CVE-2024-38476: Fixed server may use exploitable/malicious backend application output to run local handlers via internal redirect (bsc#1227269)
- CVE-2024-38477: Fixed null pointer dereference in mod_proxy (bsc#1227270)
- CVE-2024-39573: Fixed potential SSRF in mod_rewrite (bsc#1227271)
Список пакетов
Container suse/manager/4.3/proxy-httpd:latest
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-Manager-Server-4-3
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-SAP
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-SAP-Azure
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-SAP-EC2
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-SAP-GCE
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-SAPCAL
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-SAPCAL-Azure
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-SAPCAL-EC2
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-SAPCAL-GCE
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP5-SAPCAL-Azure
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP5-SAPCAL-EC2
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP5-SAPCAL-GCE
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
apache2-2.4.51-150400.6.29.1
apache2-devel-2.4.51-150400.6.29.1
apache2-doc-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
apache2-worker-2.4.51-150400.6.29.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
apache2-2.4.51-150400.6.29.1
apache2-devel-2.4.51-150400.6.29.1
apache2-doc-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
apache2-worker-2.4.51-150400.6.29.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
apache2-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
SUSE Linux Enterprise Module for Package Hub 15 SP5
apache2-event-2.4.51-150400.6.29.1
SUSE Linux Enterprise Module for Server Applications 15 SP5
apache2-devel-2.4.51-150400.6.29.1
apache2-doc-2.4.51-150400.6.29.1
apache2-worker-2.4.51-150400.6.29.1
SUSE Linux Enterprise Module for Server Applications 15 SP6
apache2-doc-2.4.51-150400.6.29.1
SUSE Linux Enterprise Server 15 SP4-LTSS
apache2-2.4.51-150400.6.29.1
apache2-devel-2.4.51-150400.6.29.1
apache2-doc-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
apache2-worker-2.4.51-150400.6.29.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
apache2-2.4.51-150400.6.29.1
apache2-devel-2.4.51-150400.6.29.1
apache2-doc-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
apache2-worker-2.4.51-150400.6.29.1
SUSE Manager Proxy 4.3
apache2-2.4.51-150400.6.29.1
apache2-devel-2.4.51-150400.6.29.1
apache2-doc-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
apache2-worker-2.4.51-150400.6.29.1
SUSE Manager Server 4.3
apache2-2.4.51-150400.6.29.1
apache2-devel-2.4.51-150400.6.29.1
apache2-doc-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
apache2-worker-2.4.51-150400.6.29.1
openSUSE Leap 15.5
apache2-2.4.51-150400.6.29.1
apache2-devel-2.4.51-150400.6.29.1
apache2-doc-2.4.51-150400.6.29.1
apache2-event-2.4.51-150400.6.29.1
apache2-example-pages-2.4.51-150400.6.29.1
apache2-prefork-2.4.51-150400.6.29.1
apache2-utils-2.4.51-150400.6.29.1
apache2-worker-2.4.51-150400.6.29.1
Ссылки
- Link for SUSE-SU-2024:2624-1
- E-Mail link for SUSE-SU-2024:2624-1
- SUSE Security Ratings
- SUSE Bug 1227268
- SUSE Bug 1227269
- SUSE Bug 1227270
- SUSE Bug 1227271
- SUSE CVE CVE-2024-38475 page
- SUSE CVE CVE-2024-38476 page
- SUSE CVE CVE-2024-38477 page
- SUSE CVE CVE-2024-39573 page
Описание
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
Затронутые продукты
Container suse/manager/4.3/proxy-httpd:latest:apache2-2.4.51-150400.6.29.1
Container suse/manager/4.3/proxy-httpd:latest:apache2-prefork-2.4.51-150400.6.29.1
Container suse/manager/4.3/proxy-httpd:latest:apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure:apache2-2.4.51-150400.6.29.1
Ссылки
- CVE-2024-38475
- SUSE Bug 1227268
Описание
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Затронутые продукты
Container suse/manager/4.3/proxy-httpd:latest:apache2-2.4.51-150400.6.29.1
Container suse/manager/4.3/proxy-httpd:latest:apache2-prefork-2.4.51-150400.6.29.1
Container suse/manager/4.3/proxy-httpd:latest:apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure:apache2-2.4.51-150400.6.29.1
Ссылки
- CVE-2024-38476
- SUSE Bug 1227269
Описание
null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Затронутые продукты
Container suse/manager/4.3/proxy-httpd:latest:apache2-2.4.51-150400.6.29.1
Container suse/manager/4.3/proxy-httpd:latest:apache2-prefork-2.4.51-150400.6.29.1
Container suse/manager/4.3/proxy-httpd:latest:apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure:apache2-2.4.51-150400.6.29.1
Ссылки
- CVE-2024-38477
- SUSE Bug 1227270
Описание
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Затронутые продукты
Container suse/manager/4.3/proxy-httpd:latest:apache2-2.4.51-150400.6.29.1
Container suse/manager/4.3/proxy-httpd:latest:apache2-prefork-2.4.51-150400.6.29.1
Container suse/manager/4.3/proxy-httpd:latest:apache2-utils-2.4.51-150400.6.29.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure:apache2-2.4.51-150400.6.29.1
Ссылки
- CVE-2024-39573
- SUSE Bug 1227271