SUSE: 2023:2054-1 Critical Patch For Apache Vulnerabilities

June 11, 2021
SUSE Security Update for nginx tackles severe vulnerabilities, improves efficiency, and resolves numerous defects.
An update that solves 5 vulnerabilities and has three fixes is now available.

Summary

This update for squid fixes the following issues:

- update to 4.15:
- CVE-2021-28652: Broken cache manager URL parsing (bsc#1185918)
- CVE-2021-28651: Memory leak in RFC 2169 response parsing (bsc#1185921)
- CVE-2021-28662: Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs (bsc#1185919)
- CVE-2021-31806: Handle more Range requests (bsc#1185916)
- CVE-2020-25097: HTTP Request Smuggling vulnerability (bsc#1183436)
- Handle more partial responses (bsc#1185923)
- fix previous change to reinstate permissions macros, because the wrong path has been used (bsc#1171569).
- use libexecdir instead of libdir to conform to recent changes in Factory (bsc#1171164).
- Reinstate permissions macros for pinger binary, because the permissions

References

#1171164 #1171569 #1183436 #1185916 #1185918 #1185919 #1185921 #1185923

Cross-References: CVE-2020-25097 CVE-2021-28651 CVE-2021-28652 CVE-2021-28662 CVE-2021-31806

CVSS scores:

CVE-2020-25097 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CVE-2020-25097 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CVE-2021-28651 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-28651 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

CVE-2021-28652 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2021-28652 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

CVE-2021-28662 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2021-28662 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity
important

Announcement ID: SUSE-SU-2021:1961-1
Rating: important
