openSUSE Security Update : apache2 (openSUSE-SU-2014:1726-1)

Medium Nessus Plugin ID 80300


The remote openSUSE host is missing a security update.


Apache2 was updated to fix bugs and security issues.

Security issues fixed: CVE-2013-5704: Added a change to fix a flaw in the way mod_headers handled chunked requests. Adds 'MergeTrailers' directive to restore legacy behavior [bnc#871310],

CVE-2014-8109: Fixes handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments.

Bugfixes :

- changed apache2.service file to fix situation where apache won't start at boot when using an encrypted certificate because user isn't prompted for password during boot [bnc#792309].

- added <IfModule> around SSLSessionCache to avoid failing to start [bnc#842377], [bnc#849445] and [bnc#864166].


Update the affected apache2 packages.

See Also

Plugin Details

Severity: Medium

ID: 80300

File Name: openSUSE-2014-822.nasl

Version: $Revision: 1.4 $

Type: local

Agent: unix

Published: 2014/12/30

Modified: 2015/07/26

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:apache2, p-cpe:/a:novell:opensuse:apache2-debuginfo, p-cpe:/a:novell:opensuse:apache2-debugsource, p-cpe:/a:novell:opensuse:apache2-devel, p-cpe:/a:novell:opensuse:apache2-event, p-cpe:/a:novell:opensuse:apache2-event-debuginfo, p-cpe:/a:novell:opensuse:apache2-example-pages, p-cpe:/a:novell:opensuse:apache2-itk, p-cpe:/a:novell:opensuse:apache2-itk-debuginfo, p-cpe:/a:novell:opensuse:apache2-prefork, p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo, p-cpe:/a:novell:opensuse:apache2-utils, p-cpe:/a:novell:opensuse:apache2-utils-debuginfo, p-cpe:/a:novell:opensuse:apache2-worker, p-cpe:/a:novell:opensuse:apache2-worker-debuginfo, cpe:/o:novell:opensuse:12.3, cpe:/o:novell:opensuse:13.1, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2014/12/22

Reference Information

CVE: CVE-2013-5704, CVE-2014-8109