Описание
Security update for apache2
This update for apache2 fixes the following issues:
Security issue fixed:
- CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest. (bsc#1048576)
Bug fixes:
- Include individual sysconfig.d files instead of the whole sysconfig.d directory.
- Include sysconfig.d/include.conf after httpd.conf is processed. (bsc#1023616, bsc#1043055)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Список пакетов
openSUSE Leap 42.2
apache2-2.4.23-13.1
apache2-devel-2.4.23-13.1
apache2-doc-2.4.23-13.1
apache2-event-2.4.23-13.1
apache2-example-pages-2.4.23-13.1
apache2-prefork-2.4.23-13.1
apache2-utils-2.4.23-13.1
apache2-worker-2.4.23-13.1
openSUSE Leap 42.3
apache2-2.4.23-13.1
apache2-devel-2.4.23-13.1
apache2-doc-2.4.23-13.1
apache2-event-2.4.23-13.1
apache2-example-pages-2.4.23-13.1
apache2-prefork-2.4.23-13.1
apache2-utils-2.4.23-13.1
apache2-worker-2.4.23-13.1
Ссылки
- E-Mail link for openSUSE-SU-2017:2016-1
- SUSE Security Ratings
Описание
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
Затронутые продукты
openSUSE Leap 42.2:apache2-2.4.23-13.1
openSUSE Leap 42.2:apache2-devel-2.4.23-13.1
openSUSE Leap 42.2:apache2-doc-2.4.23-13.1
openSUSE Leap 42.2:apache2-event-2.4.23-13.1
Ссылки
- CVE-2017-9788
- SUSE Bug 1048576