urlscan.io logo urlscan.io
SecurityTrails logo

www.suse.com Open in urlscan Pro
18.66.97.25  Public Scan

Back to summary
URL: https://www.suse.com/support/update/announcement/2023/suse-su-20230764-1/
Submission: On July 11 via api from CH — Scanned from DE

Form analysis 1 forms found in the DOM

https://www.suse.com/search/

<form id="searchform" action="https://www.suse.com/search/">
  <input type="text" class="search-text" name="s" placeholder="Search">
  <button type="submit" class="fa fa-search search-submit" aria-hidden="true"></button>
</form>

Text Content

Exit SUSE Federal  >
Customer Center

Contact Us

Account

HI

Update Your Account Log Out
Login Create an Account Update Your Account

English  

LANGUAGE

Choose Your Language

Deutsch English Español Français 中文(简体) 日本語 Português (Brasil)

EXPLORE

See what's happening around the world

Israel Polska 대한민국



Shop
View Cart
Exit SUSE Federal  >
Shop
Federal Solutions
Back

IT Modernization


SAP Solutions


AI and Analytics


Hybrid Cloud Solutions


Nonstop IT


Exit Federal Government

Products
Back

BUSINESS-CRITICAL LINUX

 * SUSE Linux Enterprise Server
   
   
   Run your business-critical apps in any environment

 * SUSE Enterprise Linux for SAP
   
   
   #1 operating system to run SAP workloads

 * SUSE Manager
   
   
   Infrastructure Management

ENTERPRISE CONTAINER MANAGEMENT

 * Rancher
   
   
   Kubernetes Management

 * Harvester
   
   
   Hyperconverged Infrastructure

 * NeuVector
   
   
   Zero Trust Container Security

EDGE

 * K3s
   
   
   Lightweight Kubernetes built for Edge use cases

 * SUSE Linux Enterprise Micro
   
   
   Ultra-reliable, immutable Linux operating system

 * SUSE Linux Enterprise Real Time
   
   
   Reduce system latencies & boost response times

All Products
 * Run SAP
 * SUSE for Public Cloud
 * Security

Solutions
Back

SOLUTIONS

Business-critical Linux

Run & secure cloud and on-prem workloads

Run SAP

Deliver mission-critical SAP solutions

Enterprise Container Management

Orchestrate cloud-native apps

Edge

Deploy intelligent devices to the edge

SUSE for Public Cloud

Accelerate innovation across your clouds

Security

Secure your digital enterprise

INDUSTRIES

 * Automotive
 * Telecom
 * Banking and Financial Services
 * Healthcare
 * Manufacturing
 * Retail
 * Technology & Software
 * Federal
 * Pharma
 * Energy

Support
Back

SUPPORT

Product Support
Premium Support Services

Dedicated support services from a premium team


Long Term Service Support

Stay on your existing product version


SUSE Liberty Linux

Mixed Linux Environment Support


Renew Your Support Subscription


SERVICES

Consulting Services
Training & Certification
Premium Technical Advisory Services


RESOURCES

SUSE Support User Guide
Patches & Updates
Product Documentation
Knowledgebase
SUSE Customer Center
Product Support Life Cycle
Licensing
Package Hub

Community packages for SUSE Linux Enterprise Server


Driver Search
Support Forums
Developer Services
Beta Program
Security

Partners
Back

PARTNERS

Partner Program


Find a Partner


Become a Partner


Login to the SUSE Partner Portal

Communities
Back

COMMUNITIES

Community


Blog


Forum


Academic


Open Source Projects


openSUSE.org



SUSE Israel


SUSE Polska

About
Back

ABOUT

About Us


Leadership


Careers


Newsroom


Success Stories


Investor Relations


Social Impact


SUSE Logo and Brand


Events & Webinars


Merchandise Store


Communications Preferences

Free Downloads
 
 
 
 
X




SECURITY UPDATE FOR APACHE2


SECURITY UPDATE FOR APACHE2

Announcement ID: SUSE-SU-2023:0764-1 Rating: important References:
 * #1207327
 * #1208708
 * #1209047
 * #1209049

Cross-References:
 * CVE-2023-25690
 * CVE-2023-27522

CVSS scores:
 * CVE-2023-25690 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
 * CVE-2023-25690 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 * CVE-2023-27522 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
 * CVE-2023-27522 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:
 * SUSE Linux Enterprise High Performance Computing 12 SP5
 * SUSE Linux Enterprise Server 12 SP5
 * SUSE Linux Enterprise Server for SAP Applications 12 SP5
 * SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves two vulnerabilities and has two fixes can now be
installed.


DESCRIPTION:

This update for apache2 fixes the following issues:

 * CVE-2023-27522: Fixed HTTP response splitting in mod_proxy_uwsgi
   (bsc#1209049).
 * CVE-2023-25690: Fixed HTTP request splitting with mod_rewrite and mod_proxy
   (bsc#1209047).

The following non-security bugs were fixed:

 * Fixed passing health check does not recover worker from its error state
   (bsc#1209047)
 * Fixed mod_proxy handling of very long urls (bsc#1207327).


PATCH INSTRUCTIONS:

To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

 * SUSE Linux Enterprise Software Development Kit 12 SP5
   zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-764=1
 * SUSE Linux Enterprise High Performance Computing 12 SP5
   zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-764=1
 * SUSE Linux Enterprise Server 12 SP5
   zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-764=1
 * SUSE Linux Enterprise Server for SAP Applications 12 SP5
   zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-764=1


PACKAGE LIST:

 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x
   x86_64)
   * apache2-debugsource-2.4.51-35.25.1
   * apache2-devel-2.4.51-35.25.1
   * apache2-debuginfo-2.4.51-35.25.1
 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
   * apache2-worker-debuginfo-2.4.51-35.25.1
   * apache2-utils-debuginfo-2.4.51-35.25.1
   * apache2-debugsource-2.4.51-35.25.1
   * apache2-worker-2.4.51-35.25.1
   * apache2-utils-2.4.51-35.25.1
   * apache2-debuginfo-2.4.51-35.25.1
   * apache2-prefork-debuginfo-2.4.51-35.25.1
   * apache2-prefork-2.4.51-35.25.1
   * apache2-example-pages-2.4.51-35.25.1
   * apache2-2.4.51-35.25.1
 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
   * apache2-doc-2.4.51-35.25.1
 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
   * apache2-worker-debuginfo-2.4.51-35.25.1
   * apache2-utils-debuginfo-2.4.51-35.25.1
   * apache2-debugsource-2.4.51-35.25.1
   * apache2-worker-2.4.51-35.25.1
   * apache2-utils-2.4.51-35.25.1
   * apache2-debuginfo-2.4.51-35.25.1
   * apache2-prefork-debuginfo-2.4.51-35.25.1
   * apache2-prefork-2.4.51-35.25.1
   * apache2-example-pages-2.4.51-35.25.1
   * apache2-2.4.51-35.25.1
 * SUSE Linux Enterprise Server 12 SP5 (noarch)
   * apache2-doc-2.4.51-35.25.1
 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
   * apache2-worker-debuginfo-2.4.51-35.25.1
   * apache2-utils-debuginfo-2.4.51-35.25.1
   * apache2-debugsource-2.4.51-35.25.1
   * apache2-worker-2.4.51-35.25.1
   * apache2-utils-2.4.51-35.25.1
   * apache2-debuginfo-2.4.51-35.25.1
   * apache2-prefork-debuginfo-2.4.51-35.25.1
   * apache2-prefork-2.4.51-35.25.1
   * apache2-example-pages-2.4.51-35.25.1
   * apache2-2.4.51-35.25.1
 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
   * apache2-doc-2.4.51-35.25.1


REFERENCES:

 * https://www.suse.com/security/cve/CVE-2023-25690.html
 * https://www.suse.com/security/cve/CVE-2023-27522.html
 * https://bugzilla.suse.com/show_bug.cgi?id=1207327
 * https://bugzilla.suse.com/show_bug.cgi?id=1208708
 * https://bugzilla.suse.com/show_bug.cgi?id=1209047
 * https://bugzilla.suse.com/show_bug.cgi?id=1209049



LANGUAGE

Choose Your Language

Deutsch English Español Français 中文(简体) 日本語 Português (Brasil)

EXPLORE

See what's happening around the world

Israel Polska 대한민국

HI

Update Your Account Log Out
Login Create an Account Update Your Account
 * Careers
 * Legal
 * Anti-Slavery Statement
 * Anti-slavery
 * About
 * Communications Preferences
 * Contact Us
 * Let's Chat

 * 
 * 
 * 


Sales Number: 49-911-740-53-0
Support: Open a Support Case
© 2023 SUSE, All Rights Reserved Cookie Settings Privacy and Cookie Policy


×

Give Us Feedback

Got some feedback about the website? Let us know so we can fix it.





For support information, please visit Support.

Sales:
49-911-740-53-0
Support:
Open a Support Case

CONNECT WITH US



Feedback Form

We adapt, you succeed.


Read Privacy Policy
Required Fields*
×

2023-03-16



PRIVACY PREFERENCE CENTER

When you visit any website, it may store or retrieve information on your
browser, mostly in the form of cookies. This information might be about you,
your preferences or your device and is mostly used to make the site work as you
expect it to. The information does not usually directly identify you, but it can
give you a more personalized web experience. Because we respect your right to
privacy, you can choose not to allow some types of cookies. Click on the
different category headings to find out more and change our default settings.
However, blocking some types of cookies may impact your experience of the site
and the services we are able to offer.
More information
Allow All


MANAGE CONSENT PREFERENCES

TARGETING COOKIES

Targeting Cookies

These cookies may be set through our site by our advertising partners. They may
be used by those companies to build a profile of your interests and show you
relevant adverts on other sites. They do not store directly personal
information, but are based on uniquely identifying your browser and internet
device. If you do not allow these cookies, you will experience less targeted
advertising.

PERFORMANCE COOKIES

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and
improve the performance of our site. They help us to know which pages are the
most and least popular and see how visitors move around the site. All
information these cookies collect is aggregated and therefore anonymous. If you
do not allow these cookies we will not know when you have visited our site, and
will not be able to monitor its performance.

FUNCTIONAL COOKIES

Functional Cookies

These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies then some
or all of these services may not function properly.

STRICTLY NECESSARY COOKIES

Always Active

These cookies are necessary for the website to function and cannot be switched
off in our systems. They are usually only set in response to actions made by you
which amount to a request for services, such as setting your privacy
preferences, logging in or filling in forms. You can set your browser to block
or alert you about these cookies, but some parts of the site will not then work.
These cookies do not store any personally identifiable information.

FLAGGED

Flagged

Recategorised cookies as of 17 June 2020


BACK BUTTON BACK



Vendor Search Search Icon
Filter Icon

Clear
checkbox label label
Apply Cancel
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label

Confirm My Choices



HOW WE USE COOKIES

We use cookies to give you a better experience, improve performance and analyze
traffic. Please visit our privacy policy for more information.

Accept Only Technical Cookies Accept All Cookies
View and Change Cookie Preferences