New Search

SUSE-SU-2015:0974-1 -- Security update for apache2 (moderate)

oval:org.mitre.oval:def:28696

Apache2 updated to fix four security issues and one non-security bug. The following vulnerabilities have been fixed: - mod_headers rules could be bypassed via chunked requests. Adds "MergeTrailers" directive to restore legacy behavior. (bsc#871310 CVE-2013-5704) - An empty value in Content-Type could lead to a crash through a null pointer dereference and a denial of service. (bsc#899836 CVE-2014-3581) - Remote attackers could bypass intended access restrictions in mod_lua LuaAuthzProvider when multiple Require directives with different arguments are used. (bsc#909715 CVE-2014-8109)

Family:
unix
Status:
ACCEPTED
Platform(s):
  • SUSE Linux Enterprise Server 12
Class:
patch
Reference(s):
  • SUSE-SU-2015:0974-1
  • CVE-2013-5704
  • CVE-2014-3581
  • CVE-2014-8109
  • CVE-2015-0228
Product(s):
  • apache2