Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Critical Apache2 Buffer Overflow in SUSE Linux Enterprise 12-SP5 Update

suse
Calendar Grey February 16, 2022
Dist Suse Esm H88
SUSE Security Patch for nginx addresses vulnerabilities like memory corruption and NULL pointer dereference, carrying significant consequences.
An update that fixes two vulnerabilities, contains one feature is now available

Summary

This update for apache2 fixes the following issues: - CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations (bsc#1193943) - CVE-2021-44790: Fixed a buffer overflow when parsing multipart content in mod_lua (bsc#1193942) This update also enables TLS 1.3 support, by building against openssl 1.1 [jsc#SLE-18664] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-440=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-440=1 Package List:

Topics%20covered

Topics Covered

security advisory buffer overflow apache2 SUSE Linux Enterprise NULL dereference CVE-2021-44224 CVE-2021-44790

References

#1193942 #1193943 SLE-18664

Cross- CVE-2021-44224 CVE-2021-44790

CVSS scores:

CVE-2021-44224 (NVD) : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CVE-2021-44224 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-44790 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-44790 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Server for SAP Applications 12-SP5

SUSE Linux Enterprise Software Development Kit 12-SP5

https://www.suse.com/security/cve/CVE-2021-44224.html

https://www.suse.com/security/cve/CVE-2021-44790.html

https://bugzilla.suse.com/1193942

https://bugzilla.suse.com/1193943

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:0440-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow apache2 SUSE Linux Enterprise NULL dereference CVE-2021-44224 CVE-2021-44790

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here