SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3522

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3522

Security update for apache2

Type: security

Severity: important

Issued: 2021-10-26

Description:

This update for apache2 fixes the following issues:

- CVE-2021-40438: Fixed a SRF via a crafted request uri-path. (bsc#1190703)
- CVE-2021-36160: Fixed an out-of-bounds read via a crafted request uri-path. (bsc#1190702)
- CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666)
- CVE-2021-34798: Fixed a NULL pointer dereference via malformed requests. (bsc#1190669)

References

CVE: CVE-2021-40438
CVE: CVE-2021-39275
CVE: CVE-2021-36160
CVE: CVE-2021-34798
Bugzilla: 1190703 VUL-0: CVE-2021-40438: apache2: httpd: mod_proxy: SSRF via a crafted request uri-path
Bugzilla: 1190702 VUL-0: CVE-2021-36160: apache2: httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path
Bugzilla: 1190669 VUL-0: CVE-2021-34798: apache2: httpd: NULL pointer dereference via malformed requests
Bugzilla: 1190666 VUL-0: CVE-2021-39275: apache2: httpd: out-of-bounds write in ap_escape_quotes() via malicious input

Packages

apache2-2.4.43-3.32.1