SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-2127

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-2127

Security update for apache2

Type: security

Severity: important

Issued: 2021-06-22

Description:

This update for apache2 fixes the following issues:

- fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression
- fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request
- fixed CVE-2020-13950 [bsc#1187040]: mod_proxy NULL pointer dereference
- fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_digest 
- fixed CVE-2021-26690 [bsc#1186923]: mod_session NULL pointer dereference in parser
- fixed CVE-2021-26691 [bsc#1187017]: Heap overflow in mod_session

References

CVE: CVE-2021-31618
CVE: CVE-2021-30641
CVE: CVE-2021-26691
CVE: CVE-2021-26690
CVE: CVE-2020-35452
CVE: CVE-2020-13950
Bugzilla: 1187174 VUL-0: CVE-2021-30641: apache2: MergeSlashes regression
Bugzilla: 1187040 VUL-0: CVE-2020-13950: apache2: mod_proxy NULL pointer dereference
Bugzilla: 1187017 VUL-0: CVE-2021-26691: apache2: Heap overflow in mod_session
Bugzilla: 1186924 VUL-0: CVE-2021-31618: apache2: NULL pointer dereference on specially crafted HTTP/2 request
Bugzilla: 1186923 VUL-0: CVE-2021-26690: apache2: mod_session NULL pointer dereference in parser
Bugzilla: 1186922 VUL-0: CVE-2020-35452: apache2: Single zero byte stack overflow in mod_auth_digest

Packages

apache2-2.4.43-3.22.1