SUSE-SU-2022:0928-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20220928-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:0928-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:0928-1
Related
Published
2022-03-21T18:34:20Z
Modified
2022-03-21T18:34:20Z
Summary
Security update for apache2
Details

This update for apache2 fixes the following issues:

  • CVE-2022-23943: heap out-of-bounds write in mod_sed (bsc#1197098).
  • CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095).
  • CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua (bsc#1197091).
  • CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096).

Also TLS 1.3 support and openssl 1.1.1 usage was disabled again as it caused regressions in various usage scenarios due to the combination between openssl 1.0.2 and 1.1.1 linkage without correct symbol versions by other libraries / tools. (bsc#1197301 bsc#1197177 bsc#1196249)

References

Affected packages

SUSE:Linux Enterprise Software Development Kit 12 SP5 / apache2

Package

Name
apache2
Purl
purl:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.51-35.13.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-devel": "2.4.51-35.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / apache2

Package

Name
apache2
Purl
purl:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.51-35.13.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-example-pages": "2.4.51-35.13.1",
            "apache2-doc": "2.4.51-35.13.1",
            "apache2-worker": "2.4.51-35.13.1",
            "apache2-prefork": "2.4.51-35.13.1",
            "apache2": "2.4.51-35.13.1",
            "apache2-utils": "2.4.51-35.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / apache2

Package

Name
apache2
Purl
purl:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.51-35.13.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-example-pages": "2.4.51-35.13.1",
            "apache2-doc": "2.4.51-35.13.1",
            "apache2-worker": "2.4.51-35.13.1",
            "apache2-prefork": "2.4.51-35.13.1",
            "apache2": "2.4.51-35.13.1",
            "apache2-utils": "2.4.51-35.13.1"
        }
    ]
}