--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-937be154d8
2024-04-19 21:20:20.799711
--------------------------------------------------------------------------------

Name        : httpd
Product     : Fedora 40
Version     : 2.4.59
Release     : 2.fc40
URL         : https://httpd.apache.org/
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible web server.
--------------------------------------------------------------------------------
Update Information:

This update includes httpd version 2.4.59, fixing various security issues and
bugs. See for complete details of the changes in this release.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 15 2024 Joe Orton - 2.4.59-2
- mod_ssl: add DH param handling fix (r1916863)
* Fri Apr 5 2024 Joe Orton - 2.4.59-1
- update to 2.4.59
* Thu Mar 28 2024 Joe Orton - 2.4.58-8
- rebuild to fix changelog ordering
* Thu Mar 7 2024 Rahul Sundaram - 2.4.58-7
- Update Systemd security settings as part of
  https://fedoraproject.org/wiki/Changes/SystemdSecurityHardening
- updated httpd.service(5) (Joe Orton)
* Wed Jan 24 2024 Fedora Release Engineering - 2.4.58-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jan 20 2024 Fedora Release Engineering - 2.4.58-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2273491 - CVE-2023-38709 httpd: HTTP response splitting
        https://bugzilla.redhat.com/show_bug.cgi?id=2273491
  [ 2 ] Bug #2273499 - CVE-2024-24795 httpd: HTTP Response Splitting in multiple modules
        https://bugzilla.redhat.com/show_bug.cgi?id=2273499
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-937be154d8' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
MGASA-2024-0118 - Updated apache packages fix security vulnerabilities

Publication date: 10 Apr 2024
URL: https://advisories.mageia.org/MGASA-2024-0118.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-27316, CVE-2024-24795, CVE-2023-38709

Apache has been updated to version 2.4.59 to fix CVE-2024-27316,
CVE-2024-24795 and CVE-2023-38709.

CVE-2024-27316: Apache HTTP Server: HTTP/2 DoS by memory exhaustion on
endless continuation frames (cve.mitre.org)
HTTP/2 incoming headers exceeding the limit are temporarily buffered in
nghttp2 in order to generate an informative HTTP 413 response. If a client
does not stop sending headers, this leads to memory exhaustion.
Credits: Bartek Nowotarski (https://nowotarski.info/)

CVE-2024-24795: Apache HTTP Server: HTTP Response Splitting in multiple
modules (cve.mitre.org)
HTTP Response splitting in multiple modules in Apache HTTP Server allows an
attacker that can inject malicious response headers into backend applications
to cause an HTTP desynchronization attack. Users are recommended to upgrade to
version 2.4.59, which fixes this issue.
Credits: Keran Mu, Tsinghua University and Zhongguancun Laboratory.

CVE-2023-38709: Apache HTTP Server: HTTP response splitting (cve.mitre.org)
Faulty input validation in the core of Apache allows malicious or exploitable
backend/content generators to split HTTP responses. This issue affects Apache
HTTP Server: through 2.4.58.
Credits: Orange Tsai (@orange_8361) from DEVCORE

References:
- https://bugs.mageia.org/show_bug.cgi?id=33059
- https://www.openwall.com/lists/oss-security/2024/04/03/16
- https://nowotarski.info/http2-continuation-flood/
- https://www.cve.org/CVERecord?id=CVE-2024-27316
- https://www.cve.org/CVERecord?id=CVE-2024-24795
- https://www.cve.org/CVERecord?id=CVE-2023-38709

SRPMS:
- 9/core/apache-2.4.59-1.mga9
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  httpd (SSA:2024-095-01)

New httpd packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/httpd-2.4.59-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  HTTP/2 DoS by memory exhaustion on endless continuation frames.
  HTTP Response Splitting in multiple modules.
  HTTP response splitting.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-27316
    https://www.cve.org/CVERecord?id=CVE-2024-24795
    https://www.cve.org/CVERecord?id=CVE-2023-38709
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated package for Slackware 15.0:

Updated package for Slackware x86_64 15.0:

Updated package for Slackware -current:

Updated package for Slackware x86_64 -current:

MD5 signatures:
+-------------+

Slackware 15.0 package:
a6e6608bea8071ddfaf5ea39d2454fb9  httpd-2.4.59-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
4fdc451a95e9af68974e472df6d752c1  httpd-2.4.59-x86_64-1_slack15.0.txz

Slackware -current package:
1396ecc3cf3e58a8348b7619f0dff361  n/httpd-2.4.59-i586-1.txz

Slackware x86_64 -current package:
85c084fc3fda741b121515e011c1db8f  n/httpd-2.4.59-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg httpd-2.4.59-i586-1_slack15.0.txz

Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start

+-----+
Oracle Linux Security Advisory ELSA-2023-5050

https://linux.oracle.com/errata/ELSA-2023-5050.html

The following updated rpms for Oracle Linux 8 have been uploaded to the
Unbreakable Linux Network:

x86_64:
httpd-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm
httpd-devel-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm
httpd-filesystem-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.noarch.rpm
httpd-manual-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.noarch.rpm
httpd-tools-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm
mod_http2-1.15.7-8.module+el8.8.0+21057+13668aee.3.x86_64.rpm
mod_ldap-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm
mod_proxy_html-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm
mod_session-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm
mod_ssl-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm

aarch64:
httpd-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm
httpd-devel-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm
httpd-filesystem-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.noarch.rpm
httpd-manual-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.noarch.rpm
httpd-tools-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm
mod_http2-1.15.7-8.module+el8.8.0+21057+13668aee.3.aarch64.rpm
mod_ldap-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpm
mod_proxy_html-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm
mod_session-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm
mod_ssl-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm

SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates//httpd-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//mod_http2-1.15.7-8.module+el8.8.0+21057+13668aee.3.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm

Related CVEs:
CVE-2023-27522

Description of changes:

httpd
[2.4.37-56.0.1.7]
- Resolves: #2176723 - CVE-2023-27522 httpd:2.4/httpd: mod_proxy_uwsgi HTTP response splitting

[2.4.37-56.0.1.6]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-56.6]
- Resolves: #2190133 - mod_rewrite regression with CVE-2023-25690

[2.4.37-56.4]
- Resolves: #2177748 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting with mod_rewrite and mod_proxy

[2.4.37-56]
- Resolves: #2162499 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte
- Resolves: #2162485 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2162509 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling

[2.4.37-55]
- Resolves: #2155961 - prevent sscg creating /dhparams.pem

[2.4.37-54]
- Resolves: #2095650 - Dependency from mod_http2 on httpd broken

[2.4.37-53]
- Resolves: #2050888 - httpd with SSL fails to start unless hostname command was installed

[2.4.37-52]
- Add the SNI support in mod_proxy_wstunnel module for Apache httpd
- Resolves: rhbz#2017543

mod_http2
[1.15.7-8.3]
- Resolves: #2177748 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting with mod_rewrite and mod_proxy

[1.15.7-7]
- Resolves: #2095650 - Dependency from mod_http2 on httpd broken

[1.15.7-6]
- Backport SNI feature refactor
- Resolves: rhbz#2137257

mod_md
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  httpd (SSA:2023-018-02)

New httpd packages are available for Slackware 14.0, 14.1, 14.2, 15.0,
and -current to fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/httpd-2.4.55-i586-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and the following security issues:
  mod_proxy allows a backend to trigger HTTP response splitting.
  mod_proxy_ajp possible request smuggling.
  mod_dav out of bounds read, or write of zero byte.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-37436
    https://www.cve.org/CVERecord?id=CVE-2022-36760
    https://www.cve.org/CVERecord?id=CVE-2006-20001
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated package for Slackware 14.0:

Updated package for Slackware x86_64 14.0:

Updated package for Slackware 14.1:

Updated package for Slackware x86_64 14.1:

Updated package for Slackware 14.2:

Updated package for Slackware x86_64 14.2:

Updated package for Slackware 15.0:

Updated package for Slackware x86_64 15.0:

Updated package for Slackware -current:

Updated package for Slackware x86_64 -current:

MD5 signatures:
+-------------+

Slackware 14.0 package:
85c66cd5d771faf965f9f8e02511a070  httpd-2.4.55-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
be99efc54597334835e089aba34d2b88  httpd-2.4.55-x86_64-1_slack14.0.txz

Slackware 14.1 package:
c19243e0c05c5e9d3981403e30e798b1  httpd-2.4.55-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
6d2071bbbf5feadca34289bdaf326fae  httpd-2.4.55-x86_64-1_slack14.1.txz

Slackware 14.2 package:
99ee5278c49c9f31fc8c17a6ed4a2886  httpd-2.4.55-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
862d8cc7c3e77baf6572cfeaf7725cd6  httpd-2.4.55-x86_64-1_slack14.2.txz

Slackware 15.0 package:
dafb5025faf3b8dbd9d252b693861a44  httpd-2.4.55-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
505e461a17a9070a833a84e7988262ec  httpd-2.4.55-x86_64-1_slack15.0.txz

Slackware -current package:
e39f1c2ccff8d8473ba91020d9864298  n/httpd-2.4.55-i586-1.txz

Slackware x86_64 -current package:
4382cc0fd0f4e5e598039bfc4619d4d3  n/httpd-2.4.55-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg httpd-2.4.55-i586-1_slack15.0.txz

Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start

+-----+
MGASA-2020-0440 - Updated jruby packages fix security vulnerabilities

Publication date: 27 Nov 2020
URL: https://advisories.mageia.org/MGASA-2020-0440.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2017-17742, CVE-2019-8320, CVE-2019-8321, CVE-2019-8322,
     CVE-2019-8323, CVE-2019-8324, CVE-2019-8325, CVE-2019-16201,
     CVE-2019-16254, CVE-2019-16255, CVE-2020-25613

Response Splitting attack in the HTTP server of WEBrick (CVE-2017-17742).

Delete directory using symlink when decompressing tar (CVE-2019-8320).

Escape sequence injection vulnerability in verbose (CVE-2019-8321).

Escape sequence injection vulnerability in gem owner (CVE-2019-8322).

Escape sequence injection vulnerability in API response handling
(CVE-2019-8323).

Installing a malicious gem may lead to arbitrary code execution
(CVE-2019-8324).

Escape sequence injection vulnerability in errors (CVE-2019-8325).

Regular Expression Denial of Service vulnerability of WEBrick's Digest
access authentication (CVE-2019-16201).

HTTP Response Splitting attack in the HTTP server of WEBrick
(CVE-2019-16254).

Code injection vulnerability (CVE-2019-16255).

A potential HTTP request smuggling vulnerability in WEBrick was reported.
WEBrick (bundled along with jruby) was too tolerant against an invalid
Transfer-Encoding header. This may lead to inconsistent interpretation
between WEBrick and some HTTP proxy servers, which may allow the attacker to
"smuggle" a request (CVE-2020-25613).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27402
- https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00003.html
- https://bugs.mageia.org/show_bug.cgi?id=25875
- https://www.cve.org/CVERecord?id=CVE-2017-17742
- https://www.cve.org/CVERecord?id=CVE-2019-8320
- https://www.cve.org/CVERecord?id=CVE-2019-8321
- https://www.cve.org/CVERecord?id=CVE-2019-8322
- https://www.cve.org/CVERecord?id=CVE-2019-8323
- https://www.cve.org/CVERecord?id=CVE-2019-8324
- https://www.cve.org/CVERecord?id=CVE-2019-8325
- https://www.cve.org/CVERecord?id=CVE-2019-16201
- https://www.cve.org/CVERecord?id=CVE-2019-16254
- https://www.cve.org/CVERecord?id=CVE-2019-16255
- https://www.cve.org/CVERecord?id=CVE-2020-25613

SRPMS:
- 7/core/jruby-1.7.22-7.2.mga7
SUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2815-2
Rating:             moderate
References:         #1016715 #1104826
Cross-References:   CVE-2016-4975 CVE-2016-8743
Affected Products:
                    SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for apache2 fixes the following issues:

Security issues fixed:

- CVE-2016-8743: Fixed liberal whitespace interpretation accepted from
  requests and sent in response lines and headers. Accepting these different
  behaviors represented a security concern when httpd participates in any
  chain of proxies or interacts with back-end application servers, either
  through mod_proxy or using conventional CGI mechanisms, and may result in
  request smuggling, response splitting and cache pollution. (bsc#1016715)
- CVE-2016-4975: Fixed possible CRLF injection allowing HTTP response
  splitting attacks for sites which use mod_userdir. This issue was mitigated
  by changes which prohibit CR or LF injection into the "Location" or other
  outbound header key or value. (bsc#1104826)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1970=1

Package List:

- SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
  apache2-doc-2.4.23-29.24.1

- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
  apache2-2.4.23-29.24.1
  apache2-debuginfo-2.4.23-29.24.1
  apache2-debugsource-2.4.23-29.24.1
  apache2-example-pages-2.4.23-29.24.1
  apache2-prefork-2.4.23-29.24.1
  apache2-prefork-debuginfo-2.4.23-29.24.1
  apache2-utils-2.4.23-29.24.1
  apache2-utils-debuginfo-2.4.23-29.24.1
  apache2-worker-2.4.23-29.24.1
  apache2-worker-debuginfo-2.4.23-29.24.1

References:

https://www.suse.com/security/cve/CVE-2016-4975.html
https://www.suse.com/security/cve/CVE-2016-8743.html
https://bugzilla.suse.com/1016715
https://bugzilla.suse.com/1104826
openSUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:2856-1
Rating:             moderate
References:         #1016715 #1104826
Cross-References:   CVE-2016-4975 CVE-2016-8743
Affected Products:
                    openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for apache2 fixes the following issues:

Security issues fixed:

- CVE-2016-8743: Fixed liberal whitespace interpretation accepted from
  requests and sent in response lines and headers. Accepting these different
  behaviors represented a security concern when httpd participates in any
  chain of proxies or interacts with back-end application servers, either
  through mod_proxy or using conventional CGI mechanisms, and may result in
  request smuggling, response splitting and cache pollution. (bsc#1016715)
- CVE-2016-4975: Fixed possible CRLF injection allowing HTTP response
  splitting attacks for sites which use mod_userdir. This issue was mitigated
  by changes which prohibit CR or LF injection into the "Location" or other
  outbound header key or value. (bsc#1104826)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:
  zypper in -t patch openSUSE-2018-1046=1

Package List:

- openSUSE Leap 42.3 (i586 x86_64):
  apache2-2.4.23-28.1
  apache2-debuginfo-2.4.23-28.1
  apache2-debugsource-2.4.23-28.1
  apache2-devel-2.4.23-28.1
  apache2-event-2.4.23-28.1
  apache2-event-debuginfo-2.4.23-28.1
  apache2-example-pages-2.4.23-28.1
  apache2-prefork-2.4.23-28.1
  apache2-prefork-debuginfo-2.4.23-28.1
  apache2-utils-2.4.23-28.1
  apache2-utils-debuginfo-2.4.23-28.1
  apache2-worker-2.4.23-28.1
  apache2-worker-debuginfo-2.4.23-28.1

- openSUSE Leap 42.3 (noarch):
  apache2-doc-2.4.23-28.1

References:

https://www.suse.com/security/cve/CVE-2016-4975.html
https://www.suse.com/security/cve/CVE-2016-8743.html
https://bugzilla.suse.com/show_bug.cgi?id=1016715
https://bugzilla.suse.com/show_bug.cgi?id=1104826