SUSE-SU-2025:02565-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2025/suse-su-202502565-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02565-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:02565-1
Upstream
Related
Published
2025-07-31T06:27:04Z
Modified
2025-07-31T17:45:26.113286Z
Summary
Security update for apache2
Details

This update for apache2 fixes the following issues:

  • CVE-2024-42516: Fixed HTTP response splitting. (bsc#1246477)
  • CVE-2024-43204: Fixed a SSRF when mod_proxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. (bsc#1246305)
  • CVE-2024-47252: Fixed insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log file. (bsc#1246303)
  • CVE-2025-23048: Fixed access control bypass by trusted clients through TLS 1.3 session resumption in some mod_ssl configurations. (bsc#1246302)
  • CVE-2025-49630: Fixed denial of service can be triggered by untrusted clients causing an assertion in modproxyhttp2. (bsc#1246307)
  • CVE-2025-49812: Fixed Opossum Attack Application Layer Desynchronization using Opportunistic TLS. (bsc#1246169)
  • CVE-2025-53020: Fixed HTTP/2 denial of service due to late release of memory after effective lifetime. (bsc#1246306)
References

Affected packages

SUSE:Linux Enterprise Server 12 SP5-LTSS / apache2

Package

Name
apache2
Purl
pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.51-35.69.1

Ecosystem specific 

{
    "binaries": [
        {
            "apache2-example-pages": "2.4.51-35.69.1",
            "apache2-tls13-doc": "2.4.51-35.69.1",
            "apache2-worker": "2.4.51-35.69.1",
            "apache2-utils": "2.4.51-35.69.1",
            "apache2": "2.4.51-35.69.1",
            "apache2-tls13-worker": "2.4.51-35.69.1",
            "apache2-doc": "2.4.51-35.69.1",
            "apache2-devel": "2.4.51-35.69.1",
            "apache2-tls13-utils": "2.4.51-35.69.1",
            "apache2-tls13": "2.4.51-35.69.1",
            "apache2-tls13-devel": "2.4.51-35.69.1",
            "apache2-tls13-prefork": "2.4.51-35.69.1",
            "apache2-tls13-example-pages": "2.4.51-35.69.1",
            "apache2-prefork": "2.4.51-35.69.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5-LTSS / apache2-tls13

Package

Name
apache2-tls13
Purl
pkg:rpm/suse/apache2-tls13&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.51-35.69.1

Ecosystem specific 

{
    "binaries": [
        {
            "apache2-example-pages": "2.4.51-35.69.1",
            "apache2-tls13-doc": "2.4.51-35.69.1",
            "apache2-worker": "2.4.51-35.69.1",
            "apache2-utils": "2.4.51-35.69.1",
            "apache2": "2.4.51-35.69.1",
            "apache2-tls13-worker": "2.4.51-35.69.1",
            "apache2-doc": "2.4.51-35.69.1",
            "apache2-devel": "2.4.51-35.69.1",
            "apache2-tls13-utils": "2.4.51-35.69.1",
            "apache2-tls13": "2.4.51-35.69.1",
            "apache2-tls13-devel": "2.4.51-35.69.1",
            "apache2-tls13-prefork": "2.4.51-35.69.1",
            "apache2-tls13-example-pages": "2.4.51-35.69.1",
            "apache2-prefork": "2.4.51-35.69.1"
        }
    ]
}

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / apache2

Package

Name
apache2
Purl
pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.51-35.69.1

Ecosystem specific 

{
    "binaries": [
        {
            "apache2-example-pages": "2.4.51-35.69.1",
            "apache2-tls13-doc": "2.4.51-35.69.1",
            "apache2-worker": "2.4.51-35.69.1",
            "apache2-utils": "2.4.51-35.69.1",
            "apache2": "2.4.51-35.69.1",
            "apache2-tls13-worker": "2.4.51-35.69.1",
            "apache2-doc": "2.4.51-35.69.1",
            "apache2-devel": "2.4.51-35.69.1",
            "apache2-tls13-utils": "2.4.51-35.69.1",
            "apache2-tls13": "2.4.51-35.69.1",
            "apache2-tls13-devel": "2.4.51-35.69.1",
            "apache2-tls13-prefork": "2.4.51-35.69.1",
            "apache2-tls13-example-pages": "2.4.51-35.69.1",
            "apache2-prefork": "2.4.51-35.69.1"
        }
    ]
}

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / apache2-tls13

Package

Name
apache2-tls13
Purl
pkg:rpm/suse/apache2-tls13&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.51-35.69.1

Ecosystem specific 

{
    "binaries": [
        {
            "apache2-example-pages": "2.4.51-35.69.1",
            "apache2-tls13-doc": "2.4.51-35.69.1",
            "apache2-worker": "2.4.51-35.69.1",
            "apache2-utils": "2.4.51-35.69.1",
            "apache2": "2.4.51-35.69.1",
            "apache2-tls13-worker": "2.4.51-35.69.1",
            "apache2-doc": "2.4.51-35.69.1",
            "apache2-devel": "2.4.51-35.69.1",
            "apache2-tls13-utils": "2.4.51-35.69.1",
            "apache2-tls13": "2.4.51-35.69.1",
            "apache2-tls13-devel": "2.4.51-35.69.1",
            "apache2-tls13-prefork": "2.4.51-35.69.1",
            "apache2-tls13-example-pages": "2.4.51-35.69.1",
            "apache2-prefork": "2.4.51-35.69.1"
        }
    ]
}