Oval Definition:	oval:org.opensuse.security:def:81187
Revision Date: 2017-06-28 Version: 1 Title: Security update for apache2 (Moderate) Description: This update for apache2 provides the following fixes: Security issues fixed: - CVE-2017-3167: In Apache use of httpd ap_get_basic_auth_pw() outside of the authentication phase could lead to authentication requirements bypass (bsc#1045065) - CVE-2017-3169: In mod_ssl may have a dereference NULL pointer issue which could lead to denial of service (bsc#1045062) - CVE-2017-7679: In mod_mime can buffer over-read by 1 byte, potentially leading to a crash or information disclosure (bsc#1045060) Non-Security issues fixed: - Remove /usr/bin/http2 symlink only during apache2 package uninstall, not upgrade. (bsc#1041830) - In gensslcert, use hostname when fqdn is too long. (bsc#1035829) Family: unix Class: patch Status: Reference(s): 1035829 1041830 1045060 1045062 1045065 CVE-2017-3167 CVE-2017-3169 CVE-2017-7679 SUSE-SU-2017:1714-1 Platform(s): SUSE Linux Enterprise Server 12 SP2 Product(s): Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information apache2-2.4.23-28.1 is installed OR apache2-doc-2.4.23-28.1 is installed OR apache2-example-pages-2.4.23-28.1 is installed OR apache2-prefork-2.4.23-28.1 is installed OR apache2-utils-2.4.23-28.1 is installed OR apache2-worker-2.4.23-28.1 is installed
BACK