Security update for apache2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:0918-1 Final 1 1 2022-03-21T15:52:19Z current 2022-03-21T15:52:19Z 2022-03-21T15:52:19Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for apache2 This update for apache2 fixes the following issues: - CVE-2022-23943: heap out-of-bounds write in mod_sed (bsc#1197098). - CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095). - CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua (bsc#1197091). - CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). HPE-Helion-OpenStack-8-2022-918,SUSE-2022-918,SUSE-OpenStack-Cloud-8-2022-918,SUSE-OpenStack-Cloud-9-2022-918,SUSE-OpenStack-Cloud-Crowbar-8-2022-918,SUSE-OpenStack-Cloud-Crowbar-9-2022-918,SUSE-SLE-SAP-12-SP3-2022-918,SUSE-SLE-SAP-12-SP4-2022-918,SUSE-SLE-SERVER-12-SP2-BCL-2022-918,SUSE-SLE-SERVER-12-SP3-2022-918,SUSE-SLE-SERVER-12-SP3-BCL-2022-918,SUSE-SLE-SERVER-12-SP4-LTSS-2022-918 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20220918-1/ Link for SUSE-SU-2022:0918-1 https://lists.suse.com/pipermail/sle-security-updates/2022-March/010494.html E-Mail link for SUSE-SU-2022:0918-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1197091 SUSE Bug 1197091 https://bugzilla.suse.com/1197095 SUSE Bug 1197095 https://bugzilla.suse.com/1197096 SUSE Bug 1197096 https://bugzilla.suse.com/1197098 SUSE Bug 1197098 https://www.suse.com/security/cve/CVE-2022-22719/ SUSE CVE CVE-2022-22719 page https://www.suse.com/security/cve/CVE-2022-22720/ SUSE CVE CVE-2022-22720 page https://www.suse.com/security/cve/CVE-2022-22721/ SUSE CVE CVE-2022-22721 page https://www.suse.com/security/cve/CVE-2022-23943/ SUSE CVE CVE-2022-23943 page HPE Helion OpenStack 8 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 apache2-2.4.23-29.88.1 apache2-doc-2.4.23-29.88.1 apache2-example-pages-2.4.23-29.88.1 apache2-prefork-2.4.23-29.88.1 apache2-utils-2.4.23-29.88.1 apache2-worker-2.4.23-29.88.1 apache2-devel-2.4.23-29.88.1 apache2-event-2.4.23-29.88.1 apache2-2.4.23-29.88.1 as a component of HPE Helion OpenStack 8 apache2-doc-2.4.23-29.88.1 as a component of HPE Helion OpenStack 8 apache2-example-pages-2.4.23-29.88.1 as a component of HPE Helion OpenStack 8 apache2-prefork-2.4.23-29.88.1 as a component of HPE Helion OpenStack 8 apache2-utils-2.4.23-29.88.1 as a component of HPE Helion OpenStack 8 apache2-worker-2.4.23-29.88.1 as a component of HPE Helion OpenStack 8 apache2-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL apache2-doc-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL apache2-example-pages-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL apache2-prefork-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL apache2-utils-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL apache2-worker-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL apache2-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL apache2-doc-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL apache2-example-pages-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL apache2-prefork-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL apache2-utils-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL apache2-worker-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL apache2-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS apache2-doc-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS apache2-example-pages-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS apache2-prefork-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS apache2-utils-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS apache2-worker-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS apache2-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS apache2-doc-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS apache2-example-pages-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS apache2-prefork-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS apache2-utils-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS apache2-worker-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS apache2-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 apache2-doc-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 apache2-example-pages-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 apache2-prefork-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 apache2-utils-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 apache2-worker-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 apache2-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 apache2-doc-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 apache2-example-pages-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 apache2-prefork-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 apache2-utils-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 apache2-worker-2.4.23-29.88.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 apache2-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud 8 apache2-doc-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud 8 apache2-example-pages-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud 8 apache2-prefork-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud 8 apache2-utils-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud 8 apache2-worker-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud 8 apache2-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud 9 apache2-doc-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud 9 apache2-example-pages-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud 9 apache2-prefork-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud 9 apache2-utils-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud 9 apache2-worker-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud 9 apache2-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud Crowbar 8 apache2-doc-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud Crowbar 8 apache2-example-pages-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud Crowbar 8 apache2-prefork-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud Crowbar 8 apache2-utils-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud Crowbar 8 apache2-worker-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud Crowbar 8 apache2-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud Crowbar 9 apache2-doc-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud Crowbar 9 apache2-example-pages-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud Crowbar 9 apache2-prefork-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud Crowbar 9 apache2-utils-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud Crowbar 9 apache2-worker-2.4.23-29.88.1 as a component of SUSE OpenStack Cloud Crowbar 9 A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. CVE-2022-22719 HPE Helion OpenStack 8:apache2-2.4.23-29.88.1 HPE Helion OpenStack 8:apache2-doc-2.4.23-29.88.1 HPE Helion OpenStack 8:apache2-example-pages-2.4.23-29.88.1 HPE Helion OpenStack 8:apache2-prefork-2.4.23-29.88.1 HPE Helion OpenStack 8:apache2-utils-2.4.23-29.88.1 HPE Helion OpenStack 8:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-doc-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-example-pages-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-prefork-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-utils-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-worker-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-doc-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-example-pages-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-prefork-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-utils-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-worker-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-doc-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-example-pages-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-prefork-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-utils-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-worker-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-doc-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-example-pages-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-prefork-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-utils-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-worker-2.4.23-29.88.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220918-1/ https://www.suse.com/security/cve/CVE-2022-22719.html CVE-2022-22719 https://bugzilla.suse.com/1197091 SUSE Bug 1197091 https://bugzilla.suse.com/1198430 SUSE Bug 1198430 Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling CVE-2022-22720 HPE Helion OpenStack 8:apache2-2.4.23-29.88.1 HPE Helion OpenStack 8:apache2-doc-2.4.23-29.88.1 HPE Helion OpenStack 8:apache2-example-pages-2.4.23-29.88.1 HPE Helion OpenStack 8:apache2-prefork-2.4.23-29.88.1 HPE Helion OpenStack 8:apache2-utils-2.4.23-29.88.1 HPE Helion OpenStack 8:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-doc-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-example-pages-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-prefork-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-utils-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-worker-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-doc-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-example-pages-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-prefork-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-utils-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-worker-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-doc-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-example-pages-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-prefork-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-utils-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-worker-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-doc-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-example-pages-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-prefork-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-utils-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-worker-2.4.23-29.88.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220918-1/ https://www.suse.com/security/cve/CVE-2022-22720.html CVE-2022-22720 https://bugzilla.suse.com/1197095 SUSE Bug 1197095 https://bugzilla.suse.com/1198430 SUSE Bug 1198430 https://bugzilla.suse.com/1198998 SUSE Bug 1198998 https://bugzilla.suse.com/1199102 SUSE Bug 1199102 https://bugzilla.suse.com/1199495 SUSE Bug 1199495 https://bugzilla.suse.com/1204730 SUSE Bug 1204730 If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. CVE-2022-22721 HPE Helion OpenStack 8:apache2-2.4.23-29.88.1 HPE Helion OpenStack 8:apache2-doc-2.4.23-29.88.1 HPE Helion OpenStack 8:apache2-example-pages-2.4.23-29.88.1 HPE Helion OpenStack 8:apache2-prefork-2.4.23-29.88.1 HPE Helion OpenStack 8:apache2-utils-2.4.23-29.88.1 HPE Helion OpenStack 8:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-doc-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-example-pages-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-prefork-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-utils-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-worker-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-doc-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-example-pages-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-prefork-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-utils-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-worker-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-doc-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-example-pages-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-prefork-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-utils-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-worker-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-doc-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-example-pages-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-prefork-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-utils-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-worker-2.4.23-29.88.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220918-1/ https://www.suse.com/security/cve/CVE-2022-22721.html CVE-2022-22721 https://bugzilla.suse.com/1197096 SUSE Bug 1197096 https://bugzilla.suse.com/1198430 SUSE Bug 1198430 Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. CVE-2022-23943 HPE Helion OpenStack 8:apache2-2.4.23-29.88.1 HPE Helion OpenStack 8:apache2-doc-2.4.23-29.88.1 HPE Helion OpenStack 8:apache2-example-pages-2.4.23-29.88.1 HPE Helion OpenStack 8:apache2-prefork-2.4.23-29.88.1 HPE Helion OpenStack 8:apache2-utils-2.4.23-29.88.1 HPE Helion OpenStack 8:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-BCL:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP3-LTSS:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-doc-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.88.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-doc-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-example-pages-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-prefork-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-utils-2.4.23-29.88.1 SUSE OpenStack Cloud 8:apache2-worker-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-doc-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-example-pages-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-prefork-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-utils-2.4.23-29.88.1 SUSE OpenStack Cloud 9:apache2-worker-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-doc-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-example-pages-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-prefork-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-utils-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 8:apache2-worker-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-doc-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-example-pages-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-prefork-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-utils-2.4.23-29.88.1 SUSE OpenStack Cloud Crowbar 9:apache2-worker-2.4.23-29.88.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220918-1/ https://www.suse.com/security/cve/CVE-2022-23943.html CVE-2022-23943 https://bugzilla.suse.com/1197098 SUSE Bug 1197098 https://bugzilla.suse.com/1198430 SUSE Bug 1198430 https://bugzilla.suse.com/1200351 SUSE Bug 1200351