{"id":"SUSE-SU-2022:2099-1","summary":"Security update for apache2","details":"This update for apache2 fixes the following issues:\n\n- CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338)\n- CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340)\n- CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341)\n- CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345)\n- CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350)\n- CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352)\n- CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348)\n","modified":"2026-02-04T03:55:31.166228Z","published":"2022-06-16T12:46:49Z","related":["CVE-2022-26377","CVE-2022-28614","CVE-2022-28615","CVE-2022-29404","CVE-2022-30522","CVE-2022-30556","CVE-2022-31813"],"upstream":["CVE-2022-26377","CVE-2022-28614","CVE-2022-28615","CVE-2022-29404","CVE-2022-30522","CVE-2022-30556","CVE-2022-31813"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20222099-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1200338"},{"type":"REPORT","url":"https://bugzilla.suse.com/1200340"},{"type":"REPORT","url":"https://bugzilla.suse.com/1200341"},{"type":"REPORT","url":"https://bugzilla.suse.com/1200345"},{"type":"REPORT","url":"https://bugzilla.suse.com/1200348"},{"type":"REPORT","url":"https://bugzilla.suse.com/1200350"},{"type":"REPORT","url":"https://bugzilla.suse.com/1200352"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-26377"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-28614"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-28615"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-29404"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-30522"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-30556"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-31813"}],"affected":[{"package":{"name":"apache2","ecosystem":"SUSE:HPE Helion OpenStack 8","purl":"pkg:rpm/suse/apache2&distro=HPE%20Helion%20OpenStack%208"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.23-29.91.1"}]}],"ecosystem_specific":{"binaries":[{"apache2":"2.4.23-29.91.1","apache2-prefork":"2.4.23-29.91.1","apache2-utils":"2.4.23-29.91.1","apache2-worker":"2.4.23-29.91.1","apache2-example-pages":"2.4.23-29.91.1","apache2-doc":"2.4.23-29.91.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:2099-1.json"}},{"package":{"name":"apache2","ecosystem":"SUSE:OpenStack Cloud 8","purl":"pkg:rpm/suse/apache2&distro=SUSE%20OpenStack%20Cloud%208"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.23-29.91.1"}]}],"ecosystem_specific":{"binaries":[{"apache2":"2.4.23-29.91.1","apache2-prefork":"2.4.23-29.91.1","apache2-utils":"2.4.23-29.91.1","apache2-worker":"2.4.23-29.91.1","apache2-example-pages":"2.4.23-29.91.1","apache2-doc":"2.4.23-29.91.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:2099-1.json"}},{"package":{"name":"apache2","ecosystem":"SUSE:OpenStack Cloud 9","purl":"pkg:rpm/suse/apache2&distro=SUSE%20OpenStack%20Cloud%209"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.23-29.91.1"}]}],"ecosystem_specific":{"binaries":[{"apache2":"2.4.23-29.91.1","apache2-prefork":"2.4.23-29.91.1","apache2-utils":"2.4.23-29.91.1","apache2-worker":"2.4.23-29.91.1","apache2-example-pages":"2.4.23-29.91.1","apache2-doc":"2.4.23-29.91.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:2099-1.json"}},{"package":{"name":"apache2","ecosystem":"SUSE:OpenStack Cloud Crowbar 8","purl":"pkg:rpm/suse/apache2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.23-29.91.1"}]}],"ecosystem_specific":{"binaries":[{"apache2":"2.4.23-29.91.1","apache2-prefork":"2.4.23-29.91.1","apache2-utils":"2.4.23-29.91.1","apache2-worker":"2.4.23-29.91.1","apache2-example-pages":"2.4.23-29.91.1","apache2-doc":"2.4.23-29.91.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:2099-1.json"}},{"package":{"name":"apache2","ecosystem":"SUSE:OpenStack Cloud Crowbar 9","purl":"pkg:rpm/suse/apache2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.23-29.91.1"}]}],"ecosystem_specific":{"binaries":[{"apache2":"2.4.23-29.91.1","apache2-prefork":"2.4.23-29.91.1","apache2-utils":"2.4.23-29.91.1","apache2-worker":"2.4.23-29.91.1","apache2-example-pages":"2.4.23-29.91.1","apache2-doc":"2.4.23-29.91.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:2099-1.json"}},{"package":{"name":"apache2","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP3","purl":"pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.23-29.91.1"}]}],"ecosystem_specific":{"binaries":[{"apache2":"2.4.23-29.91.1","apache2-prefork":"2.4.23-29.91.1","apache2-utils":"2.4.23-29.91.1","apache2-worker":"2.4.23-29.91.1","apache2-example-pages":"2.4.23-29.91.1","apache2-doc":"2.4.23-29.91.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:2099-1.json"}},{"package":{"name":"apache2","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP4","purl":"pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.23-29.91.1"}]}],"ecosystem_specific":{"binaries":[{"apache2":"2.4.23-29.91.1","apache2-prefork":"2.4.23-29.91.1","apache2-utils":"2.4.23-29.91.1","apache2-worker":"2.4.23-29.91.1","apache2-example-pages":"2.4.23-29.91.1","apache2-doc":"2.4.23-29.91.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:2099-1.json"}},{"package":{"name":"apache2","ecosystem":"SUSE:Linux Enterprise Server 12 SP2-BCL","purl":"pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.23-29.91.1"}]}],"ecosystem_specific":{"binaries":[{"apache2":"2.4.23-29.91.1","apache2-prefork":"2.4.23-29.91.1","apache2-utils":"2.4.23-29.91.1","apache2-worker":"2.4.23-29.91.1","apache2-example-pages":"2.4.23-29.91.1","apache2-doc":"2.4.23-29.91.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:2099-1.json"}},{"package":{"name":"apache2","ecosystem":"SUSE:Linux Enterprise Server 12 SP3-LTSS","purl":"pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.23-29.91.1"}]}],"ecosystem_specific":{"binaries":[{"apache2":"2.4.23-29.91.1","apache2-prefork":"2.4.23-29.91.1","apache2-utils":"2.4.23-29.91.1","apache2-worker":"2.4.23-29.91.1","apache2-example-pages":"2.4.23-29.91.1","apache2-doc":"2.4.23-29.91.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:2099-1.json"}},{"package":{"name":"apache2","ecosystem":"SUSE:Linux Enterprise Server 12 SP3-BCL","purl":"pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.23-29.91.1"}]}],"ecosystem_specific":{"binaries":[{"apache2":"2.4.23-29.91.1","apache2-prefork":"2.4.23-29.91.1","apache2-utils":"2.4.23-29.91.1","apache2-worker":"2.4.23-29.91.1","apache2-example-pages":"2.4.23-29.91.1","apache2-doc":"2.4.23-29.91.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:2099-1.json"}},{"package":{"name":"apache2","ecosystem":"SUSE:Linux Enterprise Server 12 SP4-LTSS","purl":"pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.23-29.91.1"}]}],"ecosystem_specific":{"binaries":[{"apache2":"2.4.23-29.91.1","apache2-prefork":"2.4.23-29.91.1","apache2-utils":"2.4.23-29.91.1","apache2-worker":"2.4.23-29.91.1","apache2-example-pages":"2.4.23-29.91.1","apache2-doc":"2.4.23-29.91.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:2099-1.json"}}],"schema_version":"1.7.3"}