Описание
Security update for apache2
This update for apache2 fixes the following issues:
- CVE-2021-40438: Fixed a SRF via a crafted request uri-path. (bsc#1190703)
- CVE-2021-36160: Fixed an out-of-bounds read via a crafted request uri-path. (bsc#1190702)
- CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666)
- CVE-2021-34798: Fixed a NULL pointer dereference via malformed requests. (bsc#1190669)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Список пакетов
openSUSE Leap 15.2
Ссылки
- E-Mail link for openSUSE-SU-2021:1438-1
- SUSE Security Ratings
- SUSE Bug 1190666
- SUSE Bug 1190669
- SUSE Bug 1190702
- SUSE Bug 1190703
- SUSE CVE CVE-2021-34798 page
- SUSE CVE CVE-2021-36160 page
- SUSE CVE CVE-2021-39275 page
- SUSE CVE CVE-2021-40438 page
Описание
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
Затронутые продукты
Ссылки
- CVE-2021-34798
- SUSE Bug 1190669
- SUSE Bug 1191297
Описание
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
Затронутые продукты
Ссылки
- CVE-2021-36160
- SUSE Bug 1190702
Описание
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
Затронутые продукты
Ссылки
- CVE-2021-39275
- SUSE Bug 1190666
Описание
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Затронутые продукты
Ссылки
- CVE-2021-40438
- SUSE Bug 1190703