An update that solves three vulnerabilities and has one
errata is now available.
Description:
This update for apache2 fixes the following issues:
CVE-2020-9490: Fixed a crash caused by a specially crafted value for the
‘Cache-Digest’ header in a HTTP/2 request (bsc#1175071).
CVE-2020-11984: Fixed an information disclosure bug in mod_proxy_uwsgi
(bsc#1175074).
CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module
logging statements were made on the wrong connection (bsc#1175070).
Solve a crash in mod_proxy_uwsgi for empty values of environment
variables. (bsc#1174052)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Leap 15.2:
zypper in -t patch openSUSE-2020-1285=1
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE Leap | 15.2 | i586 | < - openSUSE Leap 15.2 (i586 x86_64): | - openSUSE Leap 15.2 (i586 x86_64):.i586.rpm | |
openSUSE Leap | 15.2 | x86_64 | < - openSUSE Leap 15.2 (i586 x86_64): | - openSUSE Leap 15.2 (i586 x86_64):.x86_64.rpm | |
openSUSE Leap | 15.2 | noarch | < - openSUSE Leap 15.2 (noarch): | - openSUSE Leap 15.2 (noarch):.noarch.rpm |