Explore top 10 tips to secure your open-source projects now. Read More
×
This update for apache2 fixes the following issues: * CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header leading to unexpected behavior [bsc#1086814]. * CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header, a specially crafted request could lead to remote denial of service. [bsc#1086817] * CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read while preparing data to be cached in shared memory.[bsc#1086813] * CVE-2017-15715: a regular expression could match '$' to a newline character in a malicious filename, rather than matching only the end
#1086774 #1086775 #1086813 #1086814 #1086817
#1086820
Cross- CVE-2017-15710 CVE-2017-15715 CVE-2018-1283
CVE-2018-1301 CVE-2018-1302 CVE-2018-1303
CVE-2018-1312
Affected Products:
SUSE Linux Enterprise Server 12-SP2-BCL
https://www.suse.com/security/cve/CVE-2017-15710.html
https://www.suse.com/security/cve/CVE-2017-15715.html
https://www.suse.com/security/cve/CVE-2018-1283.html
https://www.suse.com/security/cve/CVE-2018-1301.html
https://www.suse.com/security/cve/CVE-2018-1302.html
https://www.suse.com/security/cve/CVE-2018-1303.html
https://www.suse.com/security/cve/CVE-2018-1312.html
https://bugzilla.suse.com/1086774
https://bugzilla.suse.com/1086775
https://bugzilla.suse.com/1086813
https://bugzilla.suse.com/1086814
Get the latest Linux and open source security news straight to your inbox.