{"affected":[{"ecosystem_specific":{"binaries":[{"apache2-devel":"2.4.51-35.13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP5","name":"apache2","purl":"pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.4.51-35.13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"apache2":"2.4.51-35.13.1","apache2-doc":"2.4.51-35.13.1","apache2-example-pages":"2.4.51-35.13.1","apache2-prefork":"2.4.51-35.13.1","apache2-utils":"2.4.51-35.13.1","apache2-worker":"2.4.51-35.13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP5","name":"apache2","purl":"pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.4.51-35.13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"apache2":"2.4.51-35.13.1","apache2-doc":"2.4.51-35.13.1","apache2-example-pages":"2.4.51-35.13.1","apache2-prefork":"2.4.51-35.13.1","apache2-utils":"2.4.51-35.13.1","apache2-worker":"2.4.51-35.13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP5","name":"apache2","purl":"pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.4.51-35.13.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for apache2 fixes the following issues:\n\n- CVE-2022-23943: heap out-of-bounds write in mod_sed (bsc#1197098).\n- CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095).\n- CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua (bsc#1197091).\n- CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096).\n\nAlso TLS 1.3 support and openssl 1.1.1 usage was disabled again as it\ncaused regressions in various usage scenarios due to the combination\nbetween openssl 1.0.2 and 1.1.1 linkage without correct symbol versions\nby other libraries / tools. (bsc#1197301 bsc#1197177 bsc#1196249)\n\n","id":"SUSE-SU-2022:0928-1","modified":"2022-03-21T18:34:20Z","published":"2022-03-21T18:34:20Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20220928-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1196249"},{"type":"REPORT","url":"https://bugzilla.suse.com/1197091"},{"type":"REPORT","url":"https://bugzilla.suse.com/1197095"},{"type":"REPORT","url":"https://bugzilla.suse.com/1197096"},{"type":"REPORT","url":"https://bugzilla.suse.com/1197098"},{"type":"REPORT","url":"https://bugzilla.suse.com/1197177"},{"type":"REPORT","url":"https://bugzilla.suse.com/1197301"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22719"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22720"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22721"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-23943"}],"related":["CVE-2022-22719","CVE-2022-22720","CVE-2022-22721","CVE-2022-23943"],"summary":"Security update for apache2","upstream":["CVE-2022-22719","CVE-2022-22720","CVE-2022-22721","CVE-2022-23943"]}