SUSE-SU-2022:0928-1 -- SLES apache2ID: oval:org.secpod.oval:def:89046164 | Date: (C)2022-04-04 (M)2024-01-29 |
Class: PATCH | Family: unix |
This update for apache2 fixes the following issues: - CVE-2022-23943: heap out-of-bounds write in mod_sed . - CVE-2022-22720: HTTP request smuggling due to incorrect error handling . - CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua . - CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody . Also TLS 1.3 support and openssl 1.1.1 usage was disabled again as it caused regressions in various usage scenarios due to the combination between openssl 1.0.2 and 1.1.1 linkage without correct symbol versions by other libraries / tools
Platform: |
SUSE Linux Enterprise Server 12 SP5 |