Lucene search

K
suseSuseOPENSUSE-SU-2022:1031-1
HistoryMar 29, 2022 - 12:00 a.m.

Security update for apache2 (important)

2022-03-2900:00:00
lists.opensuse.org
44
apache2
security update
vulnerabilities

EPSS

0.314

Percentile

97.0%

An update that fixes four vulnerabilities is now available.

Description:

This update for apache2 fixes the following issues:

  • CVE-2022-23943: heap out-of-bounds write in mod_sed (bsc#1197098).
  • CVE-2022-22720: HTTP request smuggling due to incorrect error handling
    (bsc#1197095).
  • CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua
    (bsc#1197091).
  • CVE-2022-22721: possible buffer overflow with very large or unlimited
    LimitXMLRequestBody (bsc#1197096).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2022-1031=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.3aarch64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.aarch64.rpm
openSUSE Leap15.3ppc64le< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm
openSUSE Leap15.3s390x< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.s390x.rpm
openSUSE Leap15.3x86_64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.x86_64.rpm
openSUSE Leap15.3noarch< - openSUSE Leap 15.3 (noarch):- openSUSE Leap 15.3 (noarch):.noarch.rpm