SUSE-SU-2017:0797-1 -- SLES apache2ID: oval:org.secpod.oval:def:89044749 | Date: (C)2021-07-20 (M)2022-10-10 |
Class: PATCH | Family: unix |
This update for apache2 fixes the following security issues: Security issues fixed: - CVE-2016-0736: Protect mod_session_crypto data with a MAC to prevent padding oracle attacks . - CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS . - CVE-2016-8743: Added new directive HttpProtocolOptions Strict to avoid proxy chain misinterpretation . Bugfixes: - Add missing copy of hcuri and hcexpr from the worker to the health check worker .
Platform: |
SUSE Linux Enterprise Server 12 SP2 |