Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2020:1792-1

Опубликовано: 31 окт. 2020
Источник: suse-cvrf

Описание

Security update for apache2

This update for apache2 fixes the following issues:

  • Enables the patch for CVE-2020-11993 and CVE-2020-9490. The patch was included but not applied in the previous update. (bsc#1178074)

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.1
apache2-2.4.33-lp151.8.21.1
apache2-devel-2.4.33-lp151.8.21.1
apache2-doc-2.4.33-lp151.8.21.1
apache2-event-2.4.33-lp151.8.21.1
apache2-example-pages-2.4.33-lp151.8.21.1
apache2-prefork-2.4.33-lp151.8.21.1
apache2-utils-2.4.33-lp151.8.21.1
apache2-worker-2.4.33-lp151.8.21.1

Ссылки

Описание

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

Затронутые продукты
openSUSE Leap 15.1:apache2-2.4.33-lp151.8.21.1
openSUSE Leap 15.1:apache2-devel-2.4.33-lp151.8.21.1
openSUSE Leap 15.1:apache2-doc-2.4.33-lp151.8.21.1
openSUSE Leap 15.1:apache2-event-2.4.33-lp151.8.21.1
Ссылки

Описание

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

Затронутые продукты
openSUSE Leap 15.1:apache2-2.4.33-lp151.8.21.1
openSUSE Leap 15.1:apache2-devel-2.4.33-lp151.8.21.1
openSUSE Leap 15.1:apache2-doc-2.4.33-lp151.8.21.1
openSUSE Leap 15.1:apache2-event-2.4.33-lp151.8.21.1
Ссылки