Описание
Security update for apache2
This update for apache2 fixes the following issues:
- fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression
- fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request
- fixed CVE-2020-13950 [bsc#1187040]: mod_proxy NULL pointer dereference
- fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_digest
- fixed CVE-2021-26690 [bsc#1186923]: mod_session NULL pointer dereference in parser
- fixed CVE-2021-26691 [bsc#1187017]: Heap overflow in mod_session
Список пакетов
openSUSE Leap 15.2
Ссылки
- E-Mail link for openSUSE-SU-2021:0908-1
- SUSE Security Ratings
- SUSE Bug 1186922
- SUSE Bug 1186923
- SUSE Bug 1186924
- SUSE Bug 1187017
- SUSE Bug 1187040
- SUSE Bug 1187174
- SUSE CVE CVE-2020-13950 page
- SUSE CVE CVE-2020-35452 page
- SUSE CVE CVE-2021-26690 page
- SUSE CVE CVE-2021-26691 page
- SUSE CVE CVE-2021-30641 page
- SUSE CVE CVE-2021-31618 page
Описание
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
Затронутые продукты
Ссылки
- CVE-2020-13950
- SUSE Bug 1187040
Описание
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow
Затронутые продукты
Ссылки
- CVE-2020-35452
- SUSE Bug 1186922
- SUSE Bug 1187933
Описание
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
Затронутые продукты
Ссылки
- CVE-2021-26690
- SUSE Bug 1186923
- SUSE Bug 1187933
Описание
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
Затронутые продукты
Ссылки
- CVE-2021-26691
- SUSE Bug 1187017
- SUSE Bug 1187933
Описание
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
Затронутые продукты
Ссылки
- CVE-2021-30641
- SUSE Bug 1187174
Описание
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.
Затронутые продукты
Ссылки
- CVE-2021-31618
- SUSE Bug 1186924
- SUSE Bug 1187933