Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2022:0918-1 Important: Apache2 Update and Critical Fixes

suse
Calendar Grey March 21, 2022
Dist Suse Esm H88
Acquire the most recent SUSE security patch for apache2 that mitigates severe vulnerabilities to bolster overall system safety.
An update that fixes four vulnerabilities is now available

Summary

This update for apache2 fixes the following issues: - CVE-2022-23943: heap out-of-bounds write in mod_sed (bsc#1197098). - CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095). - CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua (bsc#1197091). - CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-918=1 - SUSE OpenStack Cloud Crowbar 8:

Topics%20covered

Topics Covered

security advisory buffer overflow important heap overflow SUSE HTTP request apache2

References

#1197091 #1197095 #1197096 #1197098

Cross- CVE-2022-22719 CVE-2022-22720 CVE-2022-22721

CVE-2022-23943

CVSS scores:

CVE-2022-22719 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-22719 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-22720 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-22720 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVE-2022-22721 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-22721 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

CVE-2022-23943 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-23943 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Affected Products:

HPE Helion Openstack 8

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:0918-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow important heap overflow SUSE HTTP request apache2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here