This update for apache2 fixes the following issues :

  - CVE-2018-1283: when mod_session is configured to forward     its session data to CGI applications (SessionEnv on, not     the default), a remote user may influence their content     by using a \'Session\' header leading to unexpected     behavior [bsc#1086814].

  - CVE-2018-1301: due to an out of bound access after a     size limit being reached by reading the HTTP header, a     specially crafted request could lead to remote denial of     service. [bsc#1086817]

  - CVE-2018-1303: a specially crafted HTTP request header     could lead to crash due to an out of bound read while     preparing data to be cached in shared     memory.[bsc#1086813]

  - CVE-2017-15715: a regular expression could match '$' to     a newline character in a malicious filename, rather than     matching only the end of the filename. leading to     corruption of uploaded files.[bsc#1086774]

  - CVE-2018-1312: when generating an HTTP Digest     authentication challenge, the nonce sent to prevent     reply attacks was not correctly generated using a     pseudo-random seed. In a cluster of servers using a     common Digest authentication configuration, HTTP     requests could be replayed across servers by an attacker     without detection. [bsc#1086775]

  - CVE-2017-15710: mod_authnz_ldap, if configured with     AuthLDAPCharsetConfig, uses the Accept-Language header     value to lookup the right charset encoding when     verifying the user's credentials. If the header value is     not present in the charset conversion table, a fallback     mechanism is used to truncate it to a two characters     value to allow a quick retry (for example, 'en-US' is     truncated to 'en'). A header value of less than two     characters forces an out of bound write of one NUL byte     to a memory location that is not part of the string. In     the worst case, quite unlikely, the process would crash     which could be used as a Denial of Service attack. In     the more likely case, this memory is already reserved     for future use and the issue has no effect at all.
    [bsc#1086820]

  - CVE-2018-1302: when an HTTP/2 stream was destroyed after     being handled, it could have written a NULL pointer     potentially to an already freed memory. The memory pools     maintained by the server make this vulnerability hard to     trigger in usual configurations, the reporter and the     team could not reproduce it outside debug builds, so it     is classified as low risk. [bsc#1086820]

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Detections

Analytics

SUSE SLES12 Security Update : apache2 (SUSE-SU-2018:1161-1)

critical Nessus Plugin ID 109598

Version 1.7