SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-322

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-322

Security update for apache2

Type: security

Severity: important

Issued: 2023-02-08

Description:

This update for apache2 fixes the following issues:

- CVE-2022-37436: Fixed an issue in mod_proxy where a malicious
  backend could cause the response headers to be truncated early,
  resulting in some headers being incorporated into the response body
  (bsc#1207251).
- CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow
  request smuggling attacks (bsc#1207250).
- CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request
  header could cause memory corruption (bsc#1207247).

References

CVE: CVE-2022-37436
CVE: CVE-2022-36760
CVE: CVE-2006-20001
Bugzilla: 1207251 VUL-0: CVE-2022-37436: apache2: mod_proxy backend HTTP response splitting
Bugzilla: 1207250 VUL-0: CVE-2022-36760: apache2: mod_proxy_ajp Possible request smuggling
Bugzilla: 1207247 VUL-0: CVE-2006-20001: apache2: mod_dav out of bounds read, or write of zero byte

Packages

apache2-2.4.51-150400.6.6.1