Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseOPENSUSE-SU-2022:10080-1
HistoryAug 06, 2022 - 12:00 a.m.

Security update for caddy (moderate)

2022-08-0600:00:00
lists.opensuse.org
12

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

JSON

An update that fixes one vulnerability is now available.

Description:

This update for caddy fixes the following issues:

Update to version 2.5.2:

  • admin: expect quoted ETags (#4879)
  • headers: Only replace known placeholders (#4880)
  • reverseproxy: Err 503 if all upstreams unavailable
  • reverseproxy: Adjust new TLS Caddyfile directive names (#4872)
  • fileserver: Use safe redirects in file browser
  • admin: support ETag on config endpoints (#4579)
  • caddytls: Reuse issuer between PreCheck and Issue (#4866)
  • admin: Implement /adapt endpoint (close #4465) (#4846)
  • forwardauth: Fix case when copy_headers is omitted (#4856)
  • Expose several Caddy HTTP Matchers to the CEL Matcher (#4715)
  • reverseproxy: Fix double headers in response handlers (#4847)
  • reverseproxy: Fix panic when TLS is not configured (#4848)
  • reverseproxy: Skip TLS for certain configured ports (#4843)
  • forwardauth: Support renaming copied headers, block support (#4783)
  • Add comment about xcaddy to main
  • headers: Support wildcards for delete ops (close #4830) (#4831)
  • reverseproxy: Dynamic ServerName for TLS upstreams (#4836)
  • reverseproxy: Make TLS renegotiation optional
  • reverseproxy: Add renegotiation param in TLS client (#4784)
  • caddyhttp: Log error from CEL evaluation (fix #4832)
  • reverseproxy: Correct the tls_server_name docs (#4827)
  • reverseproxy: HTTP 504 for upstream timeouts (#4824)
  • caddytls: Make peer certificate verification pluggable (#4389)
  • reverseproxy: api: Remove misleading ‘healthy’ value
  • Fix #4822 and fix #4779
  • reverseproxy: Add --internal-certs CLI flag #3589 (#4817)
  • ci: Fix build caching on Windows (#4811)
  • templates: Add humanize function (#4767)
  • core: Micro-optim in run() (#4810)
  • httpcaddyfile: Add {err.*} placeholder shortcut (#4798)
  • templates: Documentation consistency (#4796)
  • chore: Bump quic-go to v0.27.0 (#4782)
  • reverseproxy: Support http1.1>h2c (close #4777) (#4778)
  • rewrite: Handle fragment before query (fix #4775) [boo#1201822,
    CVE-2022-34037]
  • httpcaddyfile: Support multiple values for default_bind (#4774)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Backports SLE-15-SP4:

    zypper in -t patch openSUSE-2022-10080=1

OSVersionArchitecturePackageVersionFilename
openSUSE Backports SLE15-SP4aarch64- opensuse backports sle< 15-SP4 (aarch64 i586 ppc64le s390x x86_64):- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):.aarch64.rpm
openSUSE Backports SLE15-SP4i586- opensuse backports sle< 15-SP4 (aarch64 i586 ppc64le s390x x86_64):- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):.i586.rpm
openSUSE Backports SLE15-SP4ppc64le- opensuse backports sle< 15-SP4 (aarch64 i586 ppc64le s390x x86_64):- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):.ppc64le.rpm
openSUSE Backports SLE15-SP4s390x- opensuse backports sle< 15-SP4 (aarch64 i586 ppc64le s390x x86_64):- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):.s390x.rpm
openSUSE Backports SLE15-SP4x86_64- opensuse backports sle< 15-SP4 (aarch64 i586 ppc64le s390x x86_64):- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):.x86_64.rpm

Related

nessus 1
veracode 1
cve 1
prion 1
osv 2
redhatcve 1
openvas 1
github 1
nessus
nessus
openSUSE 15 Security Update : caddy (openSUSE-SU-2022:10080-1)
2022-08-07 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-07-25 05:56:32
cve
cve
CVE-2022-34037
2022-07-22 15:15:00
prion
prion
Cross site scripting
2022-07-22 15:15:00
osv
osv
CVE-2022-34037
2022-07-22 15:15:08
Out-of-bounds Read can lead to client side denial of service
2022-07-23 00:00:22
redhatcve
redhatcve
CVE-2022-34037
2022-07-25 05:44:03
openvas
openvas
openSUSE: Security Advisory for caddy (openSUSE-SU-2022:10080-1)
2024-03-04 00:00:00
github
github
Out-of-bounds Read can lead to client side denial of service
2022-07-23 00:00:22

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

JSON
Related for OPENSUSE-SU-2022:10080-1
nessus1veracode1cve1prion1osv2redhatcve1openvas1github1