Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

openSUSE 15.4-15.5: 2023:4513-1 critical: apache2-mod_jk path traversal

opensuse
Calendar Grey November 21, 2023
Dist Opensuse Esm H88
An update for apache2-mod_jk has been released, addressing critical vulnerabilities. It’s advisable to apply the suggested updates using zypper on your openSUSE system.
This update for apache2-mod_jk fixes the following issues: Update to version 1.2.49: Apache Retrieve default request id from mod_unique_id

Description

This update for apache2-mod_jk fixes the following issues:

Update to version 1.2.49: Apache * Retrieve default request id from

mod_unique_id. It can also be taken from an arbitrary environment variable by

configuring "JkRequestIdIndicator". * Don't delegate the generatation of the

response body to httpd when the status code represents an error if the request

used the HEAD method. * Only export the main module symbol. Visibility of module

internal symbols led to crashes when conflicting with library symbols. Based on

a patch provided by Josef Čejka. * Remove support for implicit mapping of

requests to workers. All mappings must now be explicit. IIS * Set default

request id as a GUID. It can also be taken from an arbitrary request header by

configuring "request_id_header". * Fix non-empty check for the Translate header.

Common * Fix compiler warning when initializing and copying fixed length

strings. * Add a request id to mod_jk log lines. * Enable configure to find the

correct...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory security issue update important threat mitigation important fix path traversal openSUSE request handling apache2-mod_jk

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4

zypper in -t patch openSUSE-SLE-15.4-2023-4513=1

* openSUSE Leap 15.5

zypper in -t patch openSUSE-SLE-15.5-2023-4513=1

* Server Applications Module 15-SP4

zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4513=1

* Server Applications Module 15-SP5

zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4513=1

Package List

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)

* apache2-mod_jk-debuginfo-1.2.49-150100.6.6.1

* apache2-mod_jk-debugsource-1.2.49-150100.6.6.1

* apache2-mod_jk-1.2.49-150100.6.6.1

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)

* apache2-mod_jk-debuginfo-1.2.49-150100.6.6.1

* apache2-mod_jk-debugsource-1.2.49-150100.6.6.1

* apache2-mod_jk-1.2.49-150100.6.6.1

* Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)

* apache2-mod_jk-debuginfo-1.2.49-150100.6.6.1

* apache2-mod_jk-debugsource-1.2.49-150100.6.6.1

* apache2-mod_jk-1.2.49-150100.6.6.1

* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)

* apache2-mod_jk-debuginfo-1.2.49-150100.6.6.1

* apache2-mod_jk-debugsource-1.2.49-150100.6.6.1

* apache2-mod_jk-1.2.49-150100.6.6.1

References

* bsc#1114612

## References:

* https://www.suse.com/security/cve/CVE-2018-11759.html

* https://bugzilla.suse.com/show_bug.cgi?id=1114612

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2023:4513-1
Rating: important

Topics%20covered

Topics Covered

security advisory security issue update important threat mitigation important fix path traversal openSUSE request handling apache2-mod_jk

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here