Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
patchinfo.10086
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.10086
<patchinfo incident="10086"> <issue tracker="bnc" id="1122839">CVE-2018-17199: apache2: mod_session_cookie does not respect expiry time</issue> <issue tracker="bnc" id="1131241">CVE-2019-0220: apache2: URL normalization inconsistincy</issue> <issue tracker="bnc" id="1131239">CVE-2019-0217: apache2: mod_auth_digest access control bypass</issue> <issue tracker="cve" id="2018-17199"/> <issue tracker="cve" id="2019-0217"/> <issue tracker="cve" id="2019-0220"/> <category>security</category> <rating>important</rating> <packager>pgajdos</packager> <description>This update for apache2 fixes the following issues: - CVE-2018-17199: A bug in Apache's "mod_session_cookie" lead to an issue where the module did not respect a cookie's expiry time. [bsc#1122839] * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] * CVE-2019-0217: A race condition in Apache's "mod_auth_digest" when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239] </description> <summary>Security update for apache2</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor