
SUSE: 2018:0901-1 Important: Apache2 Denial Of Service Issues

April 9, 2018
An update that solves 6 vulnerabilities and has one errata is now available.

Summary

This update for apache2 fixes the following issues:

* CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header leading to unexpected behavior [bsc#1086814].
* CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header, a specially crafted request could lead to remote denial of service. [bsc#1086817]
* CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read while preparing data to be cached in shared memory. [bsc#1086813]
* CVE-2017-15715: a regular expression could match '$' to a newline character in a malicious filename, rather than matching only the end

References

#1057406 #1086774 #1086775 #1086813 #1086814 #1086817 #1086820

Cross-References: CVE-2017-15710 CVE-2017-15715 CVE-2018-1283 CVE-2018-1301 CVE-2018-1303 CVE-2018-1312

Affected Products:

SUSE Linux Enterprise Server 12-LTSS

https://www.suse.com/security/cve/CVE-2017-15710.html

https://www.suse.com/security/cve/CVE-2017-15715.html

https://www.suse.com/security/cve/CVE-2018-1283.html

https://www.suse.com/security/cve/CVE-2018-1301.html

https://www.suse.com/security/cve/CVE-2018-1303.html

https://www.suse.com/security/cve/CVE-2018-1312.html

https://bugzilla.suse.com/1057406

https://bugzilla.suse.com/1086774

https://bugzilla.suse.com/1086775

https://bugzilla.suse.com/1086813

https://bugzilla.suse.com/1086814

Severity
important

Announcement ID: SUSE-SU-2018:0901-1
Rating: important
