[opensuse-security] does CVE-2017-9798 affect us?
Hi, just came across https://arstechnica.com/information-technology/2017/09/ apache-bug-leaks-contents-of-server-memory-for-all-to-see-patch-now/, does CVE-2017-9798 affect openSUSE/SLES/SLED? Cheers Mathias -- Mathias Homann Senior Systems Engineer, IT Consultant. IT Trainer Mathias.Homann@openSUSE.org http://www.tuxonline.tech gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102
On Thu, Sep 21, 2017 at 09:15:25AM +0200, Mathias Homann wrote:
Hi,
just came across https://arstechnica.com/information-technology/2017/09/ apache-bug-leaks-contents-of-server-memory-for-all-to-see-patch-now/, does CVE-2017-9798 affect openSUSE/SLES/SLED?
It affects the Apache 2.4 versions we ship, so SLE12 and Leap 42* This needs a misconfiured .htaccess though to be exploitable. We will release updates. (Apache 2.2 affectedness is not clear.) Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
On 21.09.17 09:21, Marcus Meissner wrote:
(Apache 2.2 affectedness is not clear.)
... just want to add: if it is affected on maintained products, we will release an update too. Viele Grüße / Best regards Thomas -- Thomas Biege <thomas@suse.de>, Team Lead MaintenanceSecurity, CSSLP https://www.suse.com/security SUSE Linux GmbH GF: Felix Imendörffer, Jane Smithard, Graham Norton HRB 21284 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
Hi, On Thu, Sep 21, 2017 at 05:25:26PM +0200, Thomas Biege wrote:
On 21.09.17 09:21, Marcus Meissner wrote:
(Apache 2.2 affectedness is not clear.)
... just want to add: if it is affected on maintained products, we will release an update too.
Further research has shown that Apache 2.2 is also affected. Updates for SUSE Linux Enterprise Server 11 are in QA. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
participants (3)
-
Marcus Meissner -
Mathias Homann -
Thomas Biege