SUSE: 2019:0889-1 Important: Apache2 Access Control Issues
suse
April 5, 2019
An update that fixes three vulnerabilities is now available
Summary
This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-17199: A bug in Apache's "mod_session_cookie" lead to an issue where the module did not respect a cookie's expiry time. [bsc#1122839] * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] * CVE-2019-0217: A race condition in Apache's "mod_auth_digest" when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured
Topics Covered
References
#1122839 #1131239 #1131241
Cross- CVE-2018-17199 CVE-2019-0217 CVE-2019-0220
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
https://www.suse.com/security/cve/CVE-2018-17199.html
https://www.suse.com/security/cve/CVE-2019-0217.html
https://www.suse.com/security/cve/CVE-2019-0220.html
https://bugzilla.suse.com/1122839
https://bugzilla.suse.com/1131239
https://bugzilla.suse.com/1131241
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2019:0889-1
Rating: important
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!