SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2302

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2302

Security update for apache2

Type: security

Severity: important

Issued: 2022-07-06

Description:

This update for apache2 fixes the following issues:

  - CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338)
  - CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340)
  - CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341)
  - CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345)
  - CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350)
  - CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352)
  - CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348)

References

CVE: CVE-2022-31813
CVE: CVE-2022-30556
CVE: CVE-2022-30522
CVE: CVE-2022-29404
CVE: CVE-2022-28615
CVE: CVE-2022-28614
CVE: CVE-2022-26377
Bugzilla: 1200352 VUL-0: CVE-2022-30522: apache2: mod_sed denial of service
Bugzilla: 1200350 VUL-0: CVE-2022-30556: apache2: Information disclosure in mod_lua with websockets
Bugzilla: 1200348 VUL-0: CVE-2022-31813: apache2: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism
Bugzilla: 1200345 VUL-0: CVE-2022-29404: apache2: Denial of service in mod_lua r:parsebody
Bugzilla: 1200341 VUL-0: CVE-2022-28615: apache2: Read beyond bounds in ap_strcmp_match()
Bugzilla: 1200340 VUL-0: CVE-2022-28614: apache2: read beyond bounds via ap_rwrite()
Bugzilla: 1200338 VUL-0: CVE-2022-26377: apache2: possible request smuggling in mod_proxy_ajp
Bugzilla: 1198913 [SLES15SP4][Build 137.1][SECURITY][FIPS] [POWER][Manual] apache2-utils: gensslcert error output about digital envelope routines:DH_generate_parameters_ex:non FIPS method:crypto/dh/dh_gen.c:31

Packages

apache2-2.4.51-150400.6.3.1