Apache2 was updated to fix security issues.

- CVE-2015-3185: The ap_some_auth_required function in server/request.c in
the Apache HTTP Server 2.4.x did not consider that a Require directive may
be associated with an authorization setting rather than an authentication
setting, which allows remote attackers to bypass intended access
restrictions in opportunistic circumstances by leveraging the presence
of a module that relies on the 2.2 API behavior. [bnc#938723]

- CVE-2015-3183: The chunked transfer coding implementation in the
Apache HTTP Server did not properly parse chunk headers, which allows
remote attackers to conduct HTTP request smuggling attacks via a crafted
request, related to mishandling of large chunk-size values and invalid
chunk-extension characters in modules/http/http_filters.c. [bnc#938728]

On openSUSE 13.1:
- CVE-2015-4000: Fix Logjam vulnerability: change the default SSLCipherSuite
cipherstring to disable export cipher suites and deploy Ephemeral Elliptic-Curve
Diffie-Hellman (ECDHE) ciphers. Adjust 'gensslcert' script to
generate a strong and unique Diffie Hellman Group and append it
to the server certificate file [bnc#931723].