From 208a7dc6020ce3a9721562168151814d6565ed2ee112a87f7f4b514a8b3b6dd8 Mon Sep 17 00:00:00 2001 From: David Anes Date: Wed, 25 Jan 2023 16:37:03 +0000 Subject: [PATCH 1/2] Accepting request 1060983 from home:david.anes:branches:Apache - This update fixes te following security issues. * fix CVE-2022-37436 [bsc#1207251], mod_proxy backend HTTP response splitting * fix CVE-2022-36760 [bsc#1207250], mod_proxy_ajp Possible request smuggling * fix CVE-2006-20001 [bsc#1207247], mod_dav out of bounds read, or write of zero byte OBS-URL: https://build.opensuse.org/request/show/1060983 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=685 --- apache2.changes | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/apache2.changes b/apache2.changes index af4aa97..c3542ba 100644 --- a/apache2.changes +++ b/apache2.changes @@ -1,6 +1,11 @@ ------------------------------------------------------------------- Wed Jan 18 21:54:41 UTC 2023 - David Anes +- This update fixes te following security issues. + * fix CVE-2022-37436 [bsc#1207251], mod_proxy backend HTTP response splitting + * fix CVE-2022-36760 [bsc#1207250], mod_proxy_ajp Possible request smuggling + * fix CVE-2006-20001 [bsc#1207247], mod_dav out of bounds read, or write of zero byte + - Update to 2.4.55: *) SECURITY: CVE-2022-37436: Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting From 05ed3ad0b850587e2de59f28638fba51f25a631815020505a66479ee3db21978 Mon Sep 17 00:00:00 2001 From: David Anes Date: Wed, 25 Jan 2023 16:45:25 +0000 Subject: [PATCH 2/2] Accepting request 1060991 from home:david.anes:branches:Apache - This update fixes the following security issues: OBS-URL: https://build.opensuse.org/request/show/1060991 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=686 --- apache2.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apache2.changes b/apache2.changes index c3542ba..f0f24e2 100644 --- a/apache2.changes +++ b/apache2.changes @@ -1,7 +1,7 @@ ------------------------------------------------------------------- Wed Jan 18 21:54:41 UTC 2023 - David Anes -- This update fixes te following security issues. +- This update fixes the following security issues: * fix CVE-2022-37436 [bsc#1207251], mod_proxy backend HTTP response splitting * fix CVE-2022-36760 [bsc#1207250], mod_proxy_ajp Possible request smuggling * fix CVE-2006-20001 [bsc#1207247], mod_dav out of bounds read, or write of zero byte