SUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:0901-1
Rating:             important
References:         #1057406 #1086774 #1086775 #1086813 #1086814 
                    #1086817 #1086820 
Cross-References:   CVE-2017-15710 CVE-2017-15715 CVE-2018-1283
                    CVE-2018-1301 CVE-2018-1303 CVE-2018-1312
                   
Affected Products:
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has one errata
   is now available.

Description:

   This update for apache2 fixes the following issues:


     * CVE-2018-1283:  when mod_session is configured to forward its session
       data to CGI applications (SessionEnv on, not the default), a remote
       user may influence their content by using a \"Session\" header leading
       to unexpected behavior [bsc#1086814].

     * CVE-2018-1301: due to an out of bound access after a size limit being
       reached by reading the HTTP header, a specially crafted request could
       lead to remote denial of service. [bsc#1086817]

     * CVE-2018-1303: a specially crafted HTTP request header could lead to
       crash due to an out of bound read while preparing data to be cached in
       shared memory.[bsc#1086813]

     * CVE-2017-15715: a regular expression could match '$' to a newline
       character in a malicious filename, rather than matching only the end
       of the filename. leading to corruption of uploaded files.[bsc#1086774]

     * CVE-2018-1312: when generating an HTTP Digest authentication
       challenge, the nonce sent to prevent reply attacks was not correctly
       generated using a pseudo-random seed. In a cluster of servers using a
       common Digest authentication configuration, HTTP requests could be
       replayed across servers by an attacker without detection. [bsc#1086775]

     * CVE-2017-15710: mod_authnz_ldap, if configured with
       AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup
       the right charset encoding when verifying the user's credentials. If
       the header value is not present in the charset conversion table, a
       fallback mechanism is used to truncate it to a two characters value to
       allow a quick retry (for example, 'en-US' is truncated to 'en'). A
       header value of less than two characters forces an out of bound write
       of one NUL byte to a memory location that is not part of the string.
       In the worst case, quite unlikely, the process would crash which could
       be used as a Denial of Service attack. In the more likely case, this
       memory is already reserved for future use and the issue has no effect
       at all. [bsc#1086820]

    * gensslcert: fall back to 'localhost' as hostname [bsc#1057406]


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2018-602=1



Package List:

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      apache2-2.4.10-14.31.1
      apache2-debuginfo-2.4.10-14.31.1
      apache2-debugsource-2.4.10-14.31.1
      apache2-example-pages-2.4.10-14.31.1
      apache2-prefork-2.4.10-14.31.1
      apache2-prefork-debuginfo-2.4.10-14.31.1
      apache2-utils-2.4.10-14.31.1
      apache2-utils-debuginfo-2.4.10-14.31.1
      apache2-worker-2.4.10-14.31.1
      apache2-worker-debuginfo-2.4.10-14.31.1

   - SUSE Linux Enterprise Server 12-LTSS (noarch):

      apache2-doc-2.4.10-14.31.1


References:

   https://www.suse.com/security/cve/CVE-2017-15710.html
   https://www.suse.com/security/cve/CVE-2017-15715.html
   https://www.suse.com/security/cve/CVE-2018-1283.html
   https://www.suse.com/security/cve/CVE-2018-1301.html
   https://www.suse.com/security/cve/CVE-2018-1303.html
   https://www.suse.com/security/cve/CVE-2018-1312.html
   https://bugzilla.suse.com/1057406
   https://bugzilla.suse.com/1086774
   https://bugzilla.suse.com/1086775
   https://bugzilla.suse.com/1086813
   https://bugzilla.suse.com/1086814
   https://bugzilla.suse.com/1086817
   https://bugzilla.suse.com/1086820

--

SUSE: 2018:0901-1: important: apache2

April 9, 2018
An update that solves 6 vulnerabilities and has one errata is now available.

Summary

This update for apache2 fixes the following issues: * CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header leading to unexpected behavior [bsc#1086814]. * CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header, a specially crafted request could lead to remote denial of service. [bsc#1086817] * CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read while preparing data to be cached in shared memory.[bsc#1086813] * CVE-2017-15715: a regular expression could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. leading to corruption of uploaded files.[bsc#1086774] * CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. [bsc#1086775] * CVE-2017-15710: mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. [bsc#1086820] * gensslcert: fall back to 'localhost' as hostname [bsc#1057406] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-602=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): apache2-2.4.10-14.31.1 apache2-debuginfo-2.4.10-14.31.1 apache2-debugsource-2.4.10-14.31.1 apache2-example-pages-2.4.10-14.31.1 apache2-prefork-2.4.10-14.31.1 apache2-prefork-debuginfo-2.4.10-14.31.1 apache2-utils-2.4.10-14.31.1 apache2-utils-debuginfo-2.4.10-14.31.1 apache2-worker-2.4.10-14.31.1 apache2-worker-debuginfo-2.4.10-14.31.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): apache2-doc-2.4.10-14.31.1

References

#1057406 #1086774 #1086775 #1086813 #1086814

#1086817 #1086820

Cross- CVE-2017-15710 CVE-2017-15715 CVE-2018-1283

CVE-2018-1301 CVE-2018-1303 CVE-2018-1312

Affected Products:

SUSE Linux Enterprise Server 12-LTSS

https://www.suse.com/security/cve/CVE-2017-15710.html

https://www.suse.com/security/cve/CVE-2017-15715.html

https://www.suse.com/security/cve/CVE-2018-1283.html

https://www.suse.com/security/cve/CVE-2018-1301.html

https://www.suse.com/security/cve/CVE-2018-1303.html

https://www.suse.com/security/cve/CVE-2018-1312.html

https://bugzilla.suse.com/1057406

https://bugzilla.suse.com/1086774

https://bugzilla.suse.com/1086775

https://bugzilla.suse.com/1086813

https://bugzilla.suse.com/1086814

https://bugzilla.suse.com/1086817

https://bugzilla.suse.com/1086820

--

Severity
Announcement ID: SUSE-SU-2018:0901-1
Rating: important

Related News

30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly
19.Laptop Bed Esm H320
2 - 3 min read
The recently released Linux Kernel 6.9 brings forth a blend of crucial upgrades and enhancements, catering to the ever-evolving needs of the Linux
4.Lock AbstractDigital Esm H320
1 - 2 min read
Nmap 7.95 introduces myriad enhancements, primarily focusing on OS and service detection signatures. This reflects the dedication of the Nmap
5.ShakingHands Esm H320
3 - 5 min read
There has been a promising shift in the tech industry, with major companies pledging to release products with built-in security features. This
18.WifiCutout Landscape Esm H320
2 - 3 min read
A novel attack called TunnelVision has been discovered. It compromises the security of virtually all VPN apps, rendering their purpose useless. The
21.Globe RadiatingCode Esm H320
2 - 3 min read
The recent discovery of a backdoor in XZ Utils , a widely used Linux tool, raises concerns about the security of the open-source ecosystem. While

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved