Overview

File _patchinfo of Package patchinfo.42012

<patchinfo incident="42012">
  <issue tracker="bnc" id="1254515">VUL-0: CVE-2025-66200: apache2: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo</issue>
  <issue tracker="bnc" id="1254511">VUL-0: CVE-2025-55753: apache2: Apache HTTP Server: mod_md (ACME), unintended retry intervals</issue>
  <issue tracker="bnc" id="1254514">VUL-0: CVE-2025-65082: apache2: Apache HTTP Server: CGI environment variable override</issue>
  <issue tracker="bnc" id="1254512">VUL-0: CVE-2025-58098: apache2: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...</issue>
  <issue tracker="cve" id="2025-58098"/>
  <issue tracker="cve" id="2025-66200"/>
  <issue tracker="cve" id="2025-65082"/>
  <issue tracker="cve" id="2025-55753"/>
  <packager>mschreiner</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for apache2</summary>
  <description>This update for apache2 fixes the following issues:

- CVE-2025-55753: Fixed mod_md (ACME) unintended retry intervals (bsc#1254511)
- CVE-2025-65082: Fixed CGI environment variable override (bsc#1254514)
- CVE-2025-58098: Fixed Server Side Includes adding query string to #exec cmd=... (bsc#1254512)
- CVE-2025-66200: Fixed mod_userdir+suexec bypass via AllowOverride FileInfo (bsc#1254515)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places