Recommended update for apache2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:0689-1 Final 1 1 2014-09-11T22:20:05Z current 2014-09-11T22:20:05Z 2014-09-11T22:20:05Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Recommended update for apache2 This update for the Apache Web Server introduces directives to control two protocol options: * HttpContentLengthHeadZero: Allow responses to HEAD request with Content-Length of 0 * HttpExpectStrict: Allow the administrator to control whether clients must send '100-continue' MODULE_MAGIC_NUMBER_MINOR has been increased to 24, as this change is not forward-compatible. Modules built against this release might not work correctly with older releases of the Apache Web Server. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp3-apache2,slessp3-apache2 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20150689-1/ Link for SUSE-SU-2015:0689-1 https://lists.suse.com/pipermail/sle-security-updates/2015-April/001337.html E-Mail link for SUSE-SU-2015:0689-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/713970 SUSE Bug 713970 https://bugzilla.suse.com/791794 SUSE Bug 791794 https://bugzilla.suse.com/815621 SUSE Bug 815621 https://bugzilla.suse.com/829056 SUSE Bug 829056 https://bugzilla.suse.com/829057 SUSE Bug 829057 https://bugzilla.suse.com/844212 SUSE Bug 844212 https://bugzilla.suse.com/852401 SUSE Bug 852401 https://bugzilla.suse.com/859916 SUSE Bug 859916 https://bugzilla.suse.com/869105 SUSE Bug 869105 https://bugzilla.suse.com/869106 SUSE Bug 869106 https://bugzilla.suse.com/871310 SUSE Bug 871310 https://bugzilla.suse.com/887765 SUSE Bug 887765 https://bugzilla.suse.com/887768 SUSE Bug 887768 https://bugzilla.suse.com/894225 SUSE Bug 894225 https://bugzilla.suse.com/899836 SUSE Bug 899836 https://bugzilla.suse.com/904427 SUSE Bug 904427 https://bugzilla.suse.com/907339 SUSE Bug 907339 https://bugzilla.suse.com/907477 SUSE Bug 907477 https://www.suse.com/security/cve/CVE-2003-1418/ SUSE CVE CVE-2003-1418 page https://www.suse.com/security/cve/CVE-2013-1862/ SUSE CVE CVE-2013-1862 page https://www.suse.com/security/cve/CVE-2013-1896/ SUSE CVE CVE-2013-1896 page https://www.suse.com/security/cve/CVE-2013-5704/ SUSE CVE CVE-2013-5704 page https://www.suse.com/security/cve/CVE-2013-6438/ SUSE CVE CVE-2013-6438 page https://www.suse.com/security/cve/CVE-2014-0098/ SUSE CVE CVE-2014-0098 page https://www.suse.com/security/cve/CVE-2014-0226/ SUSE CVE CVE-2014-0226 page https://www.suse.com/security/cve/CVE-2014-0231/ SUSE CVE CVE-2014-0231 page https://www.suse.com/security/cve/CVE-2014-3581/ SUSE CVE CVE-2014-3581 page SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 apache2-2.2.12-1.50.1 apache2-devel-2.2.12-1.50.1 apache2-doc-2.2.12-1.50.1 apache2-example-pages-2.2.12-1.50.1 apache2-prefork-2.2.12-1.50.1 apache2-utils-2.2.12-1.50.1 apache2-worker-2.2.12-1.50.1 apache2-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Server 11 SP3 apache2-doc-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Server 11 SP3 apache2-example-pages-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Server 11 SP3 apache2-prefork-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Server 11 SP3 apache2-utils-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Server 11 SP3 apache2-worker-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Server 11 SP3 apache2-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA apache2-doc-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA apache2-example-pages-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA apache2-prefork-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA apache2-utils-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA apache2-worker-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA apache2-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 apache2-doc-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 apache2-example-pages-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 apache2-prefork-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 apache2-utils-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 apache2-worker-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 apache2-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 apache2-devel-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 apache2-doc-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 apache2-example-pages-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 apache2-prefork-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 apache2-utils-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 apache2-worker-2.2.12-1.50.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID). CVE-2003-1418 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-devel-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-worker-2.2.12-1.50.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150689-1/ https://www.suse.com/security/cve/CVE-2003-1418.html CVE-2003-1418 https://bugzilla.suse.com/713970 SUSE Bug 713970 https://bugzilla.suse.com/907477 SUSE Bug 907477 https://bugzilla.suse.com/917402 SUSE Bug 917402 https://bugzilla.suse.com/970126 SUSE Bug 970126 mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. CVE-2013-1862 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-devel-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-worker-2.2.12-1.50.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150689-1/ https://www.suse.com/security/cve/CVE-2013-1862.html CVE-2013-1862 https://bugzilla.suse.com/829056 SUSE Bug 829056 https://bugzilla.suse.com/829057 SUSE Bug 829057 https://bugzilla.suse.com/834475 SUSE Bug 834475 https://bugzilla.suse.com/844212 SUSE Bug 844212 mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. CVE-2013-1896 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-devel-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-worker-2.2.12-1.50.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150689-1/ https://www.suse.com/security/cve/CVE-2013-1896.html CVE-2013-1896 https://bugzilla.suse.com/829056 SUSE Bug 829056 https://bugzilla.suse.com/829057 SUSE Bug 829057 The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." CVE-2013-5704 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-devel-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-worker-2.2.12-1.50.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150689-1/ https://www.suse.com/security/cve/CVE-2013-5704.html CVE-2013-5704 https://bugzilla.suse.com/871310 SUSE Bug 871310 https://bugzilla.suse.com/914535 SUSE Bug 914535 https://bugzilla.suse.com/930944 SUSE Bug 930944 https://bugzilla.suse.com/938728 SUSE Bug 938728 The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request. CVE-2013-6438 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-devel-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-worker-2.2.12-1.50.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150689-1/ https://www.suse.com/security/cve/CVE-2013-6438.html CVE-2013-6438 https://bugzilla.suse.com/869105 SUSE Bug 869105 https://bugzilla.suse.com/869106 SUSE Bug 869106 https://bugzilla.suse.com/887765 SUSE Bug 887765 The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation. CVE-2014-0098 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-devel-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-worker-2.2.12-1.50.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150689-1/ https://www.suse.com/security/cve/CVE-2014-0098.html CVE-2014-0098 https://bugzilla.suse.com/869106 SUSE Bug 869106 https://bugzilla.suse.com/887765 SUSE Bug 887765 Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. CVE-2014-0226 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-devel-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-worker-2.2.12-1.50.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150689-1/ https://www.suse.com/security/cve/CVE-2014-0226.html CVE-2014-0226 https://bugzilla.suse.com/887765 SUSE Bug 887765 The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor. CVE-2014-0231 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-devel-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-worker-2.2.12-1.50.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150689-1/ https://www.suse.com/security/cve/CVE-2014-0231.html CVE-2014-0231 https://bugzilla.suse.com/887768 SUSE Bug 887768 The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header. CVE-2014-3581 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server 11 SP3:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-worker-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-devel-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-doc-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-example-pages-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-prefork-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-utils-2.2.12-1.50.1 SUSE Linux Enterprise Software Development Kit 11 SP3:apache2-worker-2.2.12-1.50.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150689-1/ https://www.suse.com/security/cve/CVE-2014-3581.html CVE-2014-3581 https://bugzilla.suse.com/899836 SUSE Bug 899836