Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 448
Alerts This Week
Warning Icon 1 448

SUSE: 2018:1161-2 Moderate: Apache2 Remote Denial of Service Fix

suse
Calendar Grey October 18, 2018
Dist Suse Esm H88
Keep informed about the most recent SUSE security bulletin concerning apache2, which tackles 7 vulnerabilities, including potential remote DoS risks.
An update that fixes 7 vulnerabilities is now available

Summary

This update for apache2 fixes the following issues: * CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header leading to unexpected behavior [bsc#1086814]. * CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header, a specially crafted request could lead to remote denial of service. [bsc#1086817] * CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read while preparing data to be cached in shared memory.[bsc#1086813] * CVE-2017-15715: a regular expression could match '$' to a newline character in a malicious filename, rather than matching only the end

References

#1086774 #1086775 #1086813 #1086814 #1086817

#1086820

Cross- CVE-2017-15710 CVE-2017-15715 CVE-2018-1283

CVE-2018-1301 CVE-2018-1302 CVE-2018-1303

CVE-2018-1312

Affected Products:

SUSE Linux Enterprise Server 12-SP2-BCL

https://www.suse.com/security/cve/CVE-2017-15710.html

https://www.suse.com/security/cve/CVE-2017-15715.html

https://www.suse.com/security/cve/CVE-2018-1283.html

https://www.suse.com/security/cve/CVE-2018-1301.html

https://www.suse.com/security/cve/CVE-2018-1302.html

https://www.suse.com/security/cve/CVE-2018-1303.html

https://www.suse.com/security/cve/CVE-2018-1312.html

https://bugzilla.suse.com/1086774

https://bugzilla.suse.com/1086775

https://bugzilla.suse.com/1086813

https://bugzilla.suse.com/1086814

Announcement ID: SUSE-SU-2018:1161-2
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.