caddy-2.6.3-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12666 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z caddy-2.6.3-1.1 on GA media These are all security issues fixed in the caddy-2.6.3-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12666 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12666 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-41721/ SUSE CVE CVE-2022-41721 page openSUSE Tumbleweed caddy-2.6.3-1.1 caddy-2.6.3-1.1 as a component of openSUSE Tumbleweed A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests. CVE-2022-41721 openSUSE Tumbleweed:caddy-2.6.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-41721.html CVE-2022-41721 https://bugzilla.suse.com/1207206 SUSE Bug 1207206