Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-322


Security update for apache2


Type: security
Severity: important
Issued: 2023-02-08
Description:
This update for apache2 fixes the following issues:

- CVE-2022-37436: Fixed an issue in mod_proxy where a malicious
  backend could cause the response headers to be truncated early,
  resulting in some headers being incorporated into the response body
  (bsc#1207251).
- CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow
  request smuggling attacks (bsc#1207250).
- CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request
  header could cause memory corruption (bsc#1207247).


              

Packages


  • apache2-2.4.51-150400.6.6.1