Security update for apache2
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2015:0418-1
Final
1
1
2015-02-24T15:51:39Z
current
2015-02-24T15:51:39Z
2015-02-24T15:51:39Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for apache2
apache2 was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-0228: Mod_lua websocket DoS (bnc#918352).
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
http://lists.opensuse.org/opensuse-updates/2015-03/msg00006.html
E-Mail link for openSUSE-SU-2015:0418-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
openSUSE 13.2
apache2-2.4.10-16.1
apache2-debuginfo-2.4.10-16.1
apache2-debugsource-2.4.10-16.1
apache2-devel-2.4.10-16.1
apache2-doc-2.4.10-16.1
apache2-event-2.4.10-16.1
apache2-event-debuginfo-2.4.10-16.1
apache2-example-pages-2.4.10-16.1
apache2-prefork-2.4.10-16.1
apache2-prefork-debuginfo-2.4.10-16.1
apache2-utils-2.4.10-16.1
apache2-utils-debuginfo-2.4.10-16.1
apache2-worker-2.4.10-16.1
apache2-worker-debuginfo-2.4.10-16.1
apache2-2.4.10-16.1 as a component of openSUSE 13.2
apache2-debuginfo-2.4.10-16.1 as a component of openSUSE 13.2
apache2-debugsource-2.4.10-16.1 as a component of openSUSE 13.2
apache2-devel-2.4.10-16.1 as a component of openSUSE 13.2
apache2-doc-2.4.10-16.1 as a component of openSUSE 13.2
apache2-event-2.4.10-16.1 as a component of openSUSE 13.2
apache2-event-debuginfo-2.4.10-16.1 as a component of openSUSE 13.2
apache2-example-pages-2.4.10-16.1 as a component of openSUSE 13.2
apache2-prefork-2.4.10-16.1 as a component of openSUSE 13.2
apache2-prefork-debuginfo-2.4.10-16.1 as a component of openSUSE 13.2
apache2-utils-2.4.10-16.1 as a component of openSUSE 13.2
apache2-utils-debuginfo-2.4.10-16.1 as a component of openSUSE 13.2
apache2-worker-2.4.10-16.1 as a component of openSUSE 13.2
apache2-worker-debuginfo-2.4.10-16.1 as a component of openSUSE 13.2
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.
CVE-2015-0228
openSUSE 13.2:apache2-2.4.10-16.1
openSUSE 13.2:apache2-debuginfo-2.4.10-16.1
openSUSE 13.2:apache2-debugsource-2.4.10-16.1
openSUSE 13.2:apache2-devel-2.4.10-16.1
openSUSE 13.2:apache2-doc-2.4.10-16.1
openSUSE 13.2:apache2-event-2.4.10-16.1
openSUSE 13.2:apache2-event-debuginfo-2.4.10-16.1
openSUSE 13.2:apache2-example-pages-2.4.10-16.1
openSUSE 13.2:apache2-prefork-2.4.10-16.1
openSUSE 13.2:apache2-prefork-debuginfo-2.4.10-16.1
openSUSE 13.2:apache2-utils-2.4.10-16.1
openSUSE 13.2:apache2-utils-debuginfo-2.4.10-16.1
openSUSE 13.2:apache2-worker-2.4.10-16.1
openSUSE 13.2:apache2-worker-debuginfo-2.4.10-16.1
moderate
Please Install the update.
http://lists.opensuse.org/opensuse-updates/2015-03/msg00006.html
https://www.suse.com/security/cve/CVE-2015-0228.html
CVE-2015-0228
https://bugzilla.suse.com/918352
SUSE Bug 918352