openSUSE Security Update: Security update for caddy
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:10080-1
Rating:             moderate
References:         #1201822 
Cross-References:   CVE-2022-34037
CVSS scores:
                    CVE-2022-34037 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    openSUSE Backports SLE-15-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for caddy fixes the following issues:

   Update to version 2.5.2:

   * admin: expect quoted ETags (#4879)
   * headers: Only replace known placeholders (#4880)
   * reverseproxy: Err 503 if all upstreams unavailable
   * reverseproxy: Adjust new TLS Caddyfile directive names (#4872)
   * fileserver: Use safe redirects in file browser
   * admin: support ETag on config endpoints (#4579)
   * caddytls: Reuse issuer between PreCheck and Issue (#4866)
   * admin: Implement /adapt endpoint (close #4465) (#4846)
   * forwardauth: Fix case when `copy_headers` is omitted (#4856)
   * Expose several Caddy HTTP Matchers to the CEL Matcher (#4715)
   * reverseproxy: Fix double headers in response handlers (#4847)
   * reverseproxy: Fix panic when TLS is not configured (#4848)
   * reverseproxy: Skip TLS for certain configured ports (#4843)
   * forwardauth: Support renaming copied headers, block support (#4783)
   * Add comment about xcaddy to main
   * headers: Support wildcards for delete ops (close #4830) (#4831)
   * reverseproxy: Dynamic ServerName for TLS upstreams (#4836)
   * reverseproxy: Make TLS renegotiation optional
   * reverseproxy: Add renegotiation param in TLS client (#4784)
   * caddyhttp: Log error from CEL evaluation (fix #4832)
   * reverseproxy: Correct the `tls_server_name` docs (#4827)
   * reverseproxy: HTTP 504 for upstream timeouts (#4824)
   * caddytls: Make peer certificate verification pluggable (#4389)
   * reverseproxy: api: Remove misleading 'healthy' value
   * Fix #4822 and fix #4779
   * reverseproxy: Add --internal-certs CLI flag #3589 (#4817)
   * ci: Fix build caching on Windows (#4811)
   * templates: Add `humanize` function (#4767)
   * core: Micro-optim in run() (#4810)
   * httpcaddyfile: Add `{err.*}` placeholder shortcut (#4798)
   * templates: Documentation consistency (#4796)
   * chore: Bump quic-go to v0.27.0 (#4782)
   * reverseproxy: Support http1.1>h2c (close #4777) (#4778)
   * rewrite: Handle fragment before query (fix #4775) [boo#1201822,
     CVE-2022-34037]
   * httpcaddyfile: Support multiple values for `default_bind` (#4774)


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP4:

      zypper in -t patch openSUSE-2022-10080=1



Package List:

   - openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):

      caddy-2.5.2-bp154.2.8.1


References:

   https://www.suse.com/security/cve/CVE-2022-34037.html
   https://bugzilla.suse.com/1201822

openSUSE: 2022:10080-1 moderate: caddy

August 6, 2022
An update that fixes one vulnerability is now available

Description

This update for caddy fixes the following issues: Update to version 2.5.2: * admin: expect quoted ETags (#4879) * headers: Only replace known placeholders (#4880) * reverseproxy: Err 503 if all upstreams unavailable * reverseproxy: Adjust new TLS Caddyfile directive names (#4872) * fileserver: Use safe redirects in file browser * admin: support ETag on config endpoints (#4579) * caddytls: Reuse issuer between PreCheck and Issue (#4866) * admin: Implement /adapt endpoint (close #4465) (#4846) * forwardauth: Fix case when `copy_headers` is omitted (#4856) * Expose several Caddy HTTP Matchers to the CEL Matcher (#4715) * reverseproxy: Fix double headers in response handlers (#4847) * reverseproxy: Fix panic when TLS is not configured (#4848) * reverseproxy: Skip TLS for certain configured ports (#4843) * forwardauth: Support renaming copied headers, block support (#4783) * Add comment about xcaddy to main * headers: Support wildcards for delete ops (close #4830) (#4831) * reverseproxy: Dynamic ServerName for TLS upstreams (#4836) * reverseproxy: Make TLS renegotiation optional * reverseproxy: Add renegotiation param in TLS client (#4784) * caddyhttp: Log error from CEL evaluation (fix #4832) * reverseproxy: Correct the `tls_server_name` docs (#4827) * reverseproxy: HTTP 504 for upstream timeouts (#4824) * caddytls: Make peer certificate verification pluggable (#4389) * reverseproxy: api: Remove misleading 'healthy' value * Fix #4822 and fix #4779 * reverseproxy: Add --internal-certs CLI flag #3589 (#4817) * ci: Fix build caching on Windows (#4811) * templates: Add `humanize` function (#4767) * core: Micro-optim in run() (#4810) * httpcaddyfile: Add `{err.*}` placeholder shortcut (#4798) * templates: Documentation consistency (#4796) * chore: Bump quic-go to v0.27.0 (#4782) * reverseproxy: Support http1.1>h2c (close #4777) (#4778) * rewrite: Handle fragment before query (fix #4775) [boo#1201822, CVE-2022-34037] * httpcaddyfile: Support multiple values for `default_bind` (#4774)

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2022-10080=1


Package List

- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64): caddy-2.5.2-bp154.2.8.1


References

https://www.suse.com/security/cve/CVE-2022-34037.html https://bugzilla.suse.com/1201822


Severity
Announcement ID: openSUSE-SU-2022:10080-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP4 .

Related News

28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle
1.Penguin Landscape Esm H320
1 - 2 min read
There are compelling arguments in favor of Linux over Windows for desktop usage. Let's explore some advantages of choosing Linux over Windows for
4.Lock AbstractDigital Esm H320
2 - 3 min read
Canonical , the company behind Ubuntu , has introduced Netplan 1.0 , a network configuration tool that simplifies networking configuration on Linux

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved