What Are You Looking For?

Sign Up
   SUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2815-2
Rating:             moderate
References:         #1016715 #1104826 
Cross-References:   CVE-2016-4975 CVE-2016-8743
Affected Products:
                    SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for apache2 fixes the following issues:

   Security issues fixed:

   - CVE-2016-8743: Fixed liberal whitespace interpretation accepted from
     requests and sent in response lines and headers. Accepting these
     different behaviors represented a security concern when httpd
     participates in any chain of proxies or interacts with back-end
     application servers, either through mod_proxy or using conventional CGI
     mechanisms, and may result in request smuggling, response splitting and
     cache pollution. (bsc#1016715)
   - CVE-2016-4975: Fixed possible CRLF injection allowing HTTP response
     splitting attacks for sites which use mod_userdir. This issue was
     mitigated by changes which prohibit CR or LF injection into the
     "Location" or other outbound header key or value. (bsc#1104826)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1970=1



Package List:

   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):

      apache2-doc-2.4.23-29.24.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      apache2-2.4.23-29.24.1
      apache2-debuginfo-2.4.23-29.24.1
      apache2-debugsource-2.4.23-29.24.1
      apache2-example-pages-2.4.23-29.24.1
      apache2-prefork-2.4.23-29.24.1
      apache2-prefork-debuginfo-2.4.23-29.24.1
      apache2-utils-2.4.23-29.24.1
      apache2-utils-debuginfo-2.4.23-29.24.1
      apache2-worker-2.4.23-29.24.1
      apache2-worker-debuginfo-2.4.23-29.24.1


References:

   https://www.suse.com/security/cve/CVE-2016-4975.html
   https://www.suse.com/security/cve/CVE-2016-8743.html
   https://bugzilla.suse.com/1016715
   https://bugzilla.suse.com/1104826

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
https://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE: 2018:2815-2 moderate: apache2

October 18, 2018
An update that fixes two vulnerabilities is now available

Summary

This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-8743: Fixed liberal whitespace interpretation accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. (bsc#1016715) - CVE-2016-4975: Fixed possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes which prohibit CR or LF injection into the "Location" or other outbound header key or value. (bsc#1104826) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1970=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): apache2-doc-2.4.23-29.24.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): apache2-2.4.23-29.24.1 apache2-debuginfo-2.4.23-29.24.1 apache2-debugsource-2.4.23-29.24.1 apache2-example-pages-2.4.23-29.24.1 apache2-prefork-2.4.23-29.24.1 apache2-prefork-debuginfo-2.4.23-29.24.1 apache2-utils-2.4.23-29.24.1 apache2-utils-debuginfo-2.4.23-29.24.1 apache2-worker-2.4.23-29.24.1 apache2-worker-debuginfo-2.4.23-29.24.1

References

#1016715 #1104826

Cross- CVE-2016-4975 CVE-2016-8743

Affected Products:

SUSE Linux Enterprise Server 12-SP2-BCL

https://www.suse.com/security/cve/CVE-2016-4975.html

https://www.suse.com/security/cve/CVE-2016-8743.html

https://bugzilla.suse.com/1016715

https://bugzilla.suse.com/1104826

Severity
Announcement ID: SUSE-SU-2018:2815-2
Rating: moderate

Related News

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo