
SUSE: 2021:2004-1 Critical: Apache2 Security Patch Overview

June 17, 2021
SUSE has released a security update for nginx, tackling five vulnerabilities to enhance overall system integrity and protection.
An update that solves 6 vulnerabilities and has two fixes is now available.

Summary

This update for apache2 fixes the following issues:

- CVE-2021-30641: Fixed MergeSlashes regression (bsc#1187174)
- CVE-2021-31618: Fixed NULL pointer dereference on specially crafted HTTP/2 request (bsc#1186924)
- CVE-2020-35452: Fixed single zero byte stack overflow in mod_auth_digest (bsc#1186922)
- CVE-2021-26690: Fixed mod_session NULL pointer dereference in parser (bsc#1186923)
- CVE-2021-26691: Fixed heap overflow in mod_session (bsc#1187017)
- Fixed potential content spoofing with default error pages (bsc#1182703)
- Fixed an issue where 'gensslcert' does not set CA:True (bsc#1180530)

Patch Instructions

To install this SUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

#1145740 #1180530 #1182703 #1186922 #1186923 #1186924 #1187017 #1187174

Cross-References: CVE-2019-10092 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 CVE-2021-31618

CVSS scores:

CVE-2019-10092 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVE-2019-10092 (SUSE): 7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

CVE-2020-35452 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVE-2020-35452 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-26690 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-26691 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-30641 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity
important

Announcement ID: SUSE-SU-2021:2004-1
Rating: important
