Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

SUSE: 2022:0929-1 Important: Apache2 Heap Overflow And Request Smuggling

suse
Calendar Grey March 22, 2022
Dist Suse Esm H88
Important SUSE patch for nginx addresses various vulnerabilities such as request forgery and possible stack overflows.
An update that fixes four vulnerabilities is now available

Summary

This update for apache2 fixes the following issues: - CVE-2022-23943: heap out-of-bounds write in mod_sed (bsc#1197098). - CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095). - CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua (bsc#1197091). - CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-929=1 - SUSE Linux Enterprise Server for SAP 15:

Topics%20covered

Topics Covered

security advisory buffer overflow security fix heap overflow SUSE apache2 request smuggling

References

#1197091 #1197095 #1197096 #1197098

Cross- CVE-2022-22719 CVE-2022-22720 CVE-2022-22721

CVE-2022-23943

CVSS scores:

CVE-2022-22719 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-22719 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-22720 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-22720 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVE-2022-22721 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-22721 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

CVE-2022-23943 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-23943 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Affected Products:

SUSE CaaS Platform 4.0

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:0929-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow security fix heap overflow SUSE apache2 request smuggling

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here