Overview

File _patchinfo of Package patchinfo.19975

<patchinfo incident="19975">
  <issue tracker="cve" id="2021-30641"/>
  <issue tracker="cve" id="2020-35452"/>
  <issue tracker="cve" id="2021-31618"/>
  <issue tracker="cve" id="2020-13950"/>
  <issue tracker="cve" id="2021-26691"/>
  <issue tracker="cve" id="2021-26690"/>
  <issue tracker="bnc" id="1187017">VUL-0: CVE-2021-26691: apache2: Heap overflow in mod_session</issue>
  <issue tracker="bnc" id="1186922">VUL-0: CVE-2020-35452: apache2: Single zero byte stack overflow in mod_auth_digest</issue>
  <issue tracker="bnc" id="1187040">VUL-0: CVE-2020-13950: apache2: mod_proxy NULL pointer dereference</issue>
  <issue tracker="bnc" id="1186923">VUL-0: CVE-2021-26690: apache2: mod_session NULL pointer dereference in parser</issue>
  <issue tracker="bnc" id="1187174">VUL-0: CVE-2021-30641: apache2: MergeSlashes regression</issue>
  <issue tracker="bnc" id="1186924">VUL-0: CVE-2021-31618: apache2: NULL pointer dereference on specially crafted HTTP/2 request</issue>
  <packager>pgajdos</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for apache2</summary>
  <description>This update for apache2 fixes the following issues:

- fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression
- fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request
- fixed CVE-2020-13950 [bsc#1187040]: mod_proxy NULL pointer dereference
- fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_digest 
- fixed CVE-2021-26690 [bsc#1186923]: mod_session NULL pointer dereference in parser
- fixed CVE-2021-26691 [bsc#1187017]: Heap overflow in mod_session
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places