SuSE Local Security Checks : SUSE: Security Advisory (SUSE-SU-2021:2127-1)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.4.2021.2127.1

Kategorie: SuSE Local Security Checks

Titel: SUSE: Security Advisory (SUSE-SU-2021:2127-1)

Zusammenfassung: The remote host is missing an update for the 'apache2' package(s) announced via the SUSE-SU-2021:2127-1 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'apache2' package(s) announced via the SUSE-SU-2021:2127-1 advisory.

Vulnerability Insight:
This update for apache2 fixes the following issues:

fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression

fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on
specially crafted HTTP/2 request

fixed CVE-2020-13950 [bsc#1187040]: mod_proxy NULL pointer dereference

fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in
mod_auth_digest

fixed CVE-2021-26690 [bsc#1186923]: mod_session NULL pointer dereference
in parser

fixed CVE-2021-26691 [bsc#1187017]: Heap overflow in mod_session

Affected Software/OS:
'apache2' package(s) on SUSE Linux Enterprise Module for Basesystem 15-SP2, SUSE Linux Enterprise Module for Basesystem 15-SP3, SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3, SUSE Linux Enterprise Module for Server Applications 15-SP2, SUSE Linux Enterprise Module for Server Applications 15-SP3.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2020-13950
Common Vulnerability Exposure (CVE) ID: CVE-2020-35452
Common Vulnerability Exposure (CVE) ID: CVE-2021-26690
Common Vulnerability Exposure (CVE) ID: CVE-2021-26691
Common Vulnerability Exposure (CVE) ID: CVE-2021-30641
Common Vulnerability Exposure (CVE) ID: CVE-2021-31618

Copyright Copyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.4.2021.2127.1
Kategorie:	SuSE Local Security Checks
Titel:	SUSE: Security Advisory (SUSE-SU-2021:2127-1)
Zusammenfassung:	The remote host is missing an update for the 'apache2' package(s) announced via the SUSE-SU-2021:2127-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'apache2' package(s) announced via the SUSE-SU-2021:2127-1 advisory. Vulnerability Insight: This update for apache2 fixes the following issues: fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request fixed CVE-2020-13950 [bsc#1187040]: mod_proxy NULL pointer dereference fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_digest fixed CVE-2021-26690 [bsc#1186923]: mod_session NULL pointer dereference in parser fixed CVE-2021-26691 [bsc#1187017]: Heap overflow in mod_session Affected Software/OS: 'apache2' package(s) on SUSE Linux Enterprise Module for Basesystem 15-SP2, SUSE Linux Enterprise Module for Basesystem 15-SP3, SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3, SUSE Linux Enterprise Module for Server Applications 15-SP2, SUSE Linux Enterprise Module for Server Applications 15-SP3. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2020-13950 Common Vulnerability Exposure (CVE) ID: CVE-2020-35452 Common Vulnerability Exposure (CVE) ID: CVE-2021-26690 Common Vulnerability Exposure (CVE) ID: CVE-2021-26691 Common Vulnerability Exposure (CVE) ID: CVE-2021-30641 Common Vulnerability Exposure (CVE) ID: CVE-2021-31618
Copyright	Copyright (C) 2021 Greenbone Networks GmbH