apache2-2.4.53-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11919-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z apache2-2.4.53-1.1 on GA media These are all security issues fixed in the apache2-2.4.53-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11919 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-22719/ SUSE CVE CVE-2022-22719 page https://www.suse.com/security/cve/CVE-2022-22720/ SUSE CVE CVE-2022-22720 page https://www.suse.com/security/cve/CVE-2022-22721/ SUSE CVE CVE-2022-22721 page https://www.suse.com/security/cve/CVE-2022-23943/ SUSE CVE CVE-2022-23943 page openSUSE Tumbleweed apache2-2.4.53-1.1 apache2-2.4.53-1.1 as a component of openSUSE Tumbleweed A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. CVE-2022-22719 openSUSE Tumbleweed:apache2-2.4.53-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-22719.html CVE-2022-22719 https://bugzilla.suse.com/1197091 SUSE Bug 1197091 https://bugzilla.suse.com/1198430 SUSE Bug 1198430 Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling CVE-2022-22720 openSUSE Tumbleweed:apache2-2.4.53-1.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-22720.html CVE-2022-22720 https://bugzilla.suse.com/1197095 SUSE Bug 1197095 https://bugzilla.suse.com/1198430 SUSE Bug 1198430 https://bugzilla.suse.com/1198998 SUSE Bug 1198998 https://bugzilla.suse.com/1199102 SUSE Bug 1199102 https://bugzilla.suse.com/1199495 SUSE Bug 1199495 https://bugzilla.suse.com/1204730 SUSE Bug 1204730 https://bugzilla.suse.com/1225670 SUSE Bug 1225670 If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. CVE-2022-22721 openSUSE Tumbleweed:apache2-2.4.53-1.1 important 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-22721.html CVE-2022-22721 https://bugzilla.suse.com/1197096 SUSE Bug 1197096 https://bugzilla.suse.com/1198430 SUSE Bug 1198430 Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. CVE-2022-23943 openSUSE Tumbleweed:apache2-2.4.53-1.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-23943.html CVE-2022-23943 https://bugzilla.suse.com/1197098 SUSE Bug 1197098 https://bugzilla.suse.com/1198430 SUSE Bug 1198430 https://bugzilla.suse.com/1200351 SUSE Bug 1200351 https://bugzilla.suse.com/1219585 SUSE Bug 1219585