openSUSE Security Update : apache2 (openSUSE-SU-2014:1726-1)

Medium Nessus Plugin ID 80300

Synopsis

The remote openSUSE host is missing a security update.

Description

Apache2 was updated to fix bugs and security issues.

Security issues fixed: CVE-2013-5704: Added a change to fix a flaw in the way mod_headers handled chunked requests. Adds 'MergeTrailers' directive to restore legacy behavior [bnc#871310],

CVE-2014-8109: Fixes handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments.

Bugfixes :

- changed apache2.service file to fix situation where apache won't start at boot when using an encrypted certificate because user isn't prompted for password during boot [bnc#792309].

- added <IfModule> around SSLSessionCache to avoid failing to start [bnc#842377], [bnc#849445] and [bnc#864166].

Solution

Update the affected apache2 packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=792309

https://bugzilla.opensuse.org/show_bug.cgi?id=842377

https://bugzilla.opensuse.org/show_bug.cgi?id=849445

https://bugzilla.opensuse.org/show_bug.cgi?id=864166

https://bugzilla.opensuse.org/show_bug.cgi?id=871310

https://bugzilla.opensuse.org/show_bug.cgi?id=909715

https://lists.opensuse.org/opensuse-updates/2014-12/msg00108.html

Plugin Details

Severity: Medium

ID: 80300

File Name: openSUSE-2014-822.nasl

Version: 1.5

Type: local

Agent: unix

Published: 2014/12/30

Updated: 2018/11/10

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:apache2, p-cpe:/a:novell:opensuse:apache2-debuginfo, p-cpe:/a:novell:opensuse:apache2-debugsource, p-cpe:/a:novell:opensuse:apache2-devel, p-cpe:/a:novell:opensuse:apache2-event, p-cpe:/a:novell:opensuse:apache2-event-debuginfo, p-cpe:/a:novell:opensuse:apache2-example-pages, p-cpe:/a:novell:opensuse:apache2-itk, p-cpe:/a:novell:opensuse:apache2-itk-debuginfo, p-cpe:/a:novell:opensuse:apache2-prefork, p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo, p-cpe:/a:novell:opensuse:apache2-utils, p-cpe:/a:novell:opensuse:apache2-utils-debuginfo, p-cpe:/a:novell:opensuse:apache2-worker, p-cpe:/a:novell:opensuse:apache2-worker-debuginfo, cpe:/o:novell:opensuse:12.3, cpe:/o:novell:opensuse:13.1, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2014/12/22

Reference Information

CVE: CVE-2013-5704, CVE-2014-8109