Early Access — Mondoo Vulnerability Intelligence is currently in preview.

SUSE-SU-2023:0321-1 | Mondoo Vulnerability Intelligence

SUSE-SU-2023:0321-1

UNKNOWN

Security update for apache2

Published Feb 8, 2023

Modified 2 years ago

Fix available

Details

This update for apache2 fixes the following issues:

CVE-2022-37436: Fixed an issue in mod_proxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body (bsc#1207251).
CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow request smuggling attacks (bsc#1207250).
CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request header could cause memory corruption (bsc#1207247).

Affected Packages

SUSE:Enterprise Storage 7apache2

Fixed in:

2.4.51-150200.3.51.1

SUSE:Enterprise Storage 7apache2-devel

Fixed in:

2.4.51-150200.3.51.1

SUSE:Enterprise Storage 7apache2-doc

Fixed in:

2.4.51-150200.3.51.1

SUSE:Enterprise Storage 7apache2-prefork

Fixed in:

2.4.51-150200.3.51.1

SUSE:Enterprise Storage 7apache2-utils

Fixed in:

2.4.51-150200.3.51.1

SUSE:Enterprise Storage 7apache2-worker

Fixed in:

2.4.51-150200.3.51.1

SUSE:Enterprise Storage 7.1apache2

Fixed in:

2.4.51-150200.3.51.1

SUSE:Enterprise Storage 7.1apache2-devel

Fixed in:

2.4.51-150200.3.51.1

SUSE:Enterprise Storage 7.1apache2-doc

Fixed in:

2.4.51-150200.3.51.1

SUSE:Enterprise Storage 7.1apache2-prefork

Fixed in:

2.4.51-150200.3.51.1

SUSE:Enterprise Storage 7.1apache2-utils

Fixed in:

2.4.51-150200.3.51.1

SUSE:Enterprise Storage 7.1apache2-worker

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSapache2

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSapache2-devel

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSapache2-doc

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSapache2-prefork

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSapache2-utils

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSapache2-worker

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOSapache2

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOSapache2-devel

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOSapache2-doc

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOSapache2-prefork

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOSapache2-utils

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOSapache2-worker

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSSapache2

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSSapache2-devel

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSSapache2-doc

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSSapache2-prefork

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSSapache2-utils

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSSapache2-worker

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Real Time 15 SP3apache2

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Real Time 15 SP3apache2-devel

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Real Time 15 SP3apache2-doc

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Real Time 15 SP3apache2-prefork

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Real Time 15 SP3apache2-utils

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Real Time 15 SP3apache2-worker

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server 15 SP2-LTSSapache2

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server 15 SP2-LTSSapache2-devel

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server 15 SP2-LTSSapache2-doc

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server 15 SP2-LTSSapache2-prefork

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server 15 SP2-LTSSapache2-utils

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server 15 SP2-LTSSapache2-worker

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server 15 SP3-LTSSapache2

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server 15 SP3-LTSSapache2-devel

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server 15 SP3-LTSSapache2-doc

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server 15 SP3-LTSSapache2-prefork

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server 15 SP3-LTSSapache2-utils

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server 15 SP3-LTSSapache2-worker

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2apache2

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2apache2-devel

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2apache2-doc

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2apache2-prefork

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2apache2-utils

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2apache2-worker

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP3apache2

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP3apache2-devel

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP3apache2-doc

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP3apache2-prefork

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP3apache2-utils

Fixed in:

2.4.51-150200.3.51.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP3apache2-worker

Fixed in:

2.4.51-150200.3.51.1

SUSE:Manager Proxy 4.2apache2

Fixed in:

2.4.51-150200.3.51.1

SUSE:Manager Proxy 4.2apache2-devel

Fixed in:

2.4.51-150200.3.51.1

SUSE:Manager Proxy 4.2apache2-doc

Fixed in:

2.4.51-150200.3.51.1

SUSE:Manager Proxy 4.2apache2-prefork

Fixed in:

2.4.51-150200.3.51.1

SUSE:Manager Proxy 4.2apache2-utils

Fixed in:

2.4.51-150200.3.51.1

SUSE:Manager Proxy 4.2apache2-worker

Fixed in:

2.4.51-150200.3.51.1

SUSE:Manager Retail Branch Server 4.2apache2

Fixed in:

2.4.51-150200.3.51.1

SUSE:Manager Retail Branch Server 4.2apache2-devel

Fixed in:

2.4.51-150200.3.51.1

SUSE:Manager Retail Branch Server 4.2apache2-doc

Fixed in:

2.4.51-150200.3.51.1

SUSE:Manager Retail Branch Server 4.2apache2-prefork

Fixed in:

2.4.51-150200.3.51.1

SUSE:Manager Retail Branch Server 4.2apache2-utils

Fixed in:

2.4.51-150200.3.51.1

SUSE:Manager Retail Branch Server 4.2apache2-worker

Fixed in:

2.4.51-150200.3.51.1

SUSE:Manager Server 4.2apache2

Fixed in:

2.4.51-150200.3.51.1

SUSE:Manager Server 4.2apache2-devel

Fixed in:

2.4.51-150200.3.51.1

SUSE:Manager Server 4.2apache2-doc

Fixed in:

2.4.51-150200.3.51.1

SUSE:Manager Server 4.2apache2-prefork

Fixed in:

2.4.51-150200.3.51.1

SUSE:Manager Server 4.2apache2-utils

Fixed in:

2.4.51-150200.3.51.1

SUSE:Manager Server 4.2apache2-worker

Fixed in:

2.4.51-150200.3.51.1

References

REPORThttps://bugzilla.suse.com/1207247 REPORThttps://bugzilla.suse.com/1207250 REPORThttps://bugzilla.suse.com/1207251 WEBhttps://www.suse.com/security/cve/CVE-2006-20001 WEBhttps://www.suse.com/security/cve/CVE-2022-36760 WEBhttps://www.suse.com/security/cve/CVE-2022-37436 ADVISORYhttps://www.suse.com/support/update/announcement/2023/suse-su-20230321-1/

Upstream

CVE-2006-20001 CVE-2022-36760 CVE-2022-37436

Related

CVE-2006-20001 CVE-2022-36760 CVE-2022-37436

Ecosystems

SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Real Time 15 SP3 SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2

Timeline

PublishedFeb 8, 2023

ModifiedFeb 8, 2023