Overview

File _patchinfo of Package patchinfo.39442

<patchinfo incident="39442">
  <issue tracker="bnc" id="1233165">REGRESSION: apache2 mod_http2 modules does not load anymore due to missing sym ap_thread_create</issue>
  <issue tracker="bnc" id="1227270">VUL-0: CVE-2024-38477: apache2,apache2-tls13: httpd: null pointer dereference in mod_proxy</issue>
  <issue tracker="bnc" id="1227353">VUL-0: CVE-2024-39884: apache2: source code disclosure with handlers configured via AddType</issue>
  <issue tracker="bnc" id="1228097">VUL-0: CVE-2024-40725: apache2: source code disclosure of local content</issue>
  <issue tracker="bnc" id="1227271">VUL-0: CVE-2024-39573: apache2,apache2-tls13: httpd: potential SSRF in mod_rewrite</issue>
  <issue tracker="cve" id="2024-38477"/>
  <issue tracker="cve" id="2024-39884"/>
  <issue tracker="cve" id="2024-40725"/>
  <issue tracker="cve" id="2024-39573"/>
  <packager>mschreiner</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for apache2</summary>
  <description>This update for apache2 fixes the following issues:

- CVE-2024-38477: Fixed null pointer dereference in mod_proxy (bsc#1227270).
- CVE-2024-39573: Fixed source code disclosure with handlers configured via AddType (bsc#1227271).
- CVE-2024-39884: Fixed source code disclosure of local content (bsc#1227353).
- CVE-2024-40725: Fixed potential SSRF in mod_rewrite (bsc#1228097).

Other bugfixes:

- Fixed a regression in module loading due to missing sym ap_thread_create (bsc#1233165).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places