Accepting request 1060992 from Apache

OBS-URL: https://build.opensuse.org/request/show/1060992 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2?expand=0&rev=201
2023-01-26 13:23:47 +00:00 · 2023-01-26 13:23:47 +00:00 · c17f45f66c
commit c17f45f66c
parent a0a3cc81be 05ed3ad0b8
1 changed files with 5 additions and 0 deletions
--- a/apache2.changes
+++ b/apache2.changes
@ -1,6 +1,11 @@
 -------------------------------------------------------------------
 Wed Jan 18 21:54:41 UTC 2023 - David Anes <david.anes@suse.com>

+- This update fixes the following security issues:
+  * fix CVE-2022-37436 [bsc#1207251], mod_proxy backend HTTP response splitting
+  * fix CVE-2022-36760 [bsc#1207250], mod_proxy_ajp Possible request smuggling
+  * fix CVE-2006-20001 [bsc#1207247], mod_dav out of bounds read, or write of zero byte
+
 - Update to 2.4.55:
    *) SECURITY: CVE-2022-37436: Apache HTTP Server: mod_proxy prior to
      2.4.55 allows a backend to trigger HTTP response splitting