SUSE-SU-2025:02682-1

CVE-2024-42516: Fixed HTTP response splitting. (bsc#1246477)
CVE-2024-43204: Fixed a SSRF when mod_proxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. (bsc#1246305)
CVE-2024-47252: Fixed insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log file. (bsc#1246303)
CVE-2025-23048: Fixed access control bypass by trusted clients through TLS 1.3 session resumption in some mod_ssl configurations. (bsc#1246302)
CVE-2025-49630: Fixed denial of service can be triggered by untrusted clients causing an assertion in modproxyhttp2. (bsc#1246307)
CVE-2025-49812: Fixed Opossum Attack Application Layer Desynchronization using Opportunistic TLS. (bsc#1246169)
CVE-2025-53020: Fixed HTTP/2 denial of service due to late release of memory after effective lifetime. (bsc#1246306)

References

Affected packages

SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS

apache2

Package

Name: apache2
Purl: pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.51-150400.6.46.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-utils": "2.4.51-150400.6.46.1",
            "apache2": "2.4.51-150400.6.46.1",
            "apache2-worker": "2.4.51-150400.6.46.1",
            "apache2-devel": "2.4.51-150400.6.46.1",
            "apache2-doc": "2.4.51-150400.6.46.1",
            "apache2-prefork": "2.4.51-150400.6.46.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02682-1.json"

SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS

apache2

Package

Name: apache2
Purl: pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.51-150400.6.46.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-utils": "2.4.51-150400.6.46.1",
            "apache2": "2.4.51-150400.6.46.1",
            "apache2-worker": "2.4.51-150400.6.46.1",
            "apache2-devel": "2.4.51-150400.6.46.1",
            "apache2-doc": "2.4.51-150400.6.46.1",
            "apache2-prefork": "2.4.51-150400.6.46.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02682-1.json"

SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS

apache2

Package

Name: apache2
Purl: pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.51-150400.6.46.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-utils": "2.4.51-150400.6.46.1",
            "apache2": "2.4.51-150400.6.46.1",
            "apache2-worker": "2.4.51-150400.6.46.1",
            "apache2-devel": "2.4.51-150400.6.46.1",
            "apache2-doc": "2.4.51-150400.6.46.1",
            "apache2-prefork": "2.4.51-150400.6.46.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02682-1.json"

SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS

apache2

Package

Name: apache2
Purl: pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.51-150400.6.46.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-utils": "2.4.51-150400.6.46.1",
            "apache2": "2.4.51-150400.6.46.1",
            "apache2-worker": "2.4.51-150400.6.46.1",
            "apache2-devel": "2.4.51-150400.6.46.1",
            "apache2-doc": "2.4.51-150400.6.46.1",
            "apache2-prefork": "2.4.51-150400.6.46.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02682-1.json"

SUSE:Linux Enterprise Module for Server Applications 15 SP6

apache2

Package

Name: apache2
Purl: pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.51-150400.6.46.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-doc": "2.4.51-150400.6.46.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02682-1.json"

SUSE:Linux Enterprise Module for Server Applications 15 SP7

apache2

Package

Name: apache2
Purl: pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.51-150400.6.46.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-doc": "2.4.51-150400.6.46.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02682-1.json"

SUSE:Linux Enterprise Server 15 SP4-LTSS

apache2

Package

Name: apache2
Purl: pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.51-150400.6.46.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-utils": "2.4.51-150400.6.46.1",
            "apache2": "2.4.51-150400.6.46.1",
            "apache2-worker": "2.4.51-150400.6.46.1",
            "apache2-devel": "2.4.51-150400.6.46.1",
            "apache2-doc": "2.4.51-150400.6.46.1",
            "apache2-prefork": "2.4.51-150400.6.46.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02682-1.json"

SUSE:Linux Enterprise Server 15 SP5-LTSS

apache2

Package

Name: apache2
Purl: pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.51-150400.6.46.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-utils": "2.4.51-150400.6.46.1",
            "apache2": "2.4.51-150400.6.46.1",
            "apache2-worker": "2.4.51-150400.6.46.1",
            "apache2-devel": "2.4.51-150400.6.46.1",
            "apache2-doc": "2.4.51-150400.6.46.1",
            "apache2-prefork": "2.4.51-150400.6.46.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02682-1.json"

SUSE:Linux Enterprise Server for SAP Applications 15 SP4

apache2

Package

Name: apache2
Purl: pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.51-150400.6.46.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-utils": "2.4.51-150400.6.46.1",
            "apache2": "2.4.51-150400.6.46.1",
            "apache2-worker": "2.4.51-150400.6.46.1",
            "apache2-devel": "2.4.51-150400.6.46.1",
            "apache2-doc": "2.4.51-150400.6.46.1",
            "apache2-prefork": "2.4.51-150400.6.46.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02682-1.json"

SUSE:Linux Enterprise Server for SAP Applications 15 SP5

apache2

Package

Name: apache2
Purl: pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.51-150400.6.46.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-utils": "2.4.51-150400.6.46.1",
            "apache2": "2.4.51-150400.6.46.1",
            "apache2-worker": "2.4.51-150400.6.46.1",
            "apache2-devel": "2.4.51-150400.6.46.1",
            "apache2-doc": "2.4.51-150400.6.46.1",
            "apache2-prefork": "2.4.51-150400.6.46.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02682-1.json"

SUSE:Manager Proxy 4.3

apache2

Package

Name: apache2
Purl: pkg:rpm/suse/apache2&distro=SUSE%20Manager%20Proxy%204.3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.51-150400.6.46.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-utils": "2.4.51-150400.6.46.1",
            "apache2": "2.4.51-150400.6.46.1",
            "apache2-worker": "2.4.51-150400.6.46.1",
            "apache2-devel": "2.4.51-150400.6.46.1",
            "apache2-doc": "2.4.51-150400.6.46.1",
            "apache2-prefork": "2.4.51-150400.6.46.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02682-1.json"

SUSE:Manager Server 4.3

apache2

Package

Name: apache2
Purl: pkg:rpm/suse/apache2&distro=SUSE%20Manager%20Server%204.3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.51-150400.6.46.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-utils": "2.4.51-150400.6.46.1",
            "apache2": "2.4.51-150400.6.46.1",
            "apache2-worker": "2.4.51-150400.6.46.1",
            "apache2-devel": "2.4.51-150400.6.46.1",
            "apache2-doc": "2.4.51-150400.6.46.1",
            "apache2-prefork": "2.4.51-150400.6.46.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02682-1.json"