SUSE-SU-2025:02685-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2025/suse-su-202502685-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02685-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:02685-1
Upstream
Related
Published
2025-08-04T15:08:14Z
Modified
2026-03-23T04:46:45.661111Z
Summary
Security update for apache2
Details

This update for apache2 fixes the following issues:

  • CVE-2024-42516: Fixed HTTP response splitting. (bsc#1246477)
  • CVE-2024-43204: Fixed a SSRF when mod_proxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. (bsc#1246305)
  • CVE-2024-47252: Fixed insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log file. (bsc#1246303)
  • CVE-2025-23048: Fixed access control bypass by trusted clients through TLS 1.3 session resumption in some mod_ssl configurations. (bsc#1246302)
  • CVE-2025-49630: Fixed denial of service can be triggered by untrusted clients causing an assertion in modproxyhttp2. (bsc#1246307)
  • CVE-2025-49812: Fixed Opossum Attack Application Layer Desynchronization using Opportunistic TLS. (bsc#1246169)
  • CVE-2025-53020: Fixed HTTP/2 denial of service due to late release of memory after effective lifetime. (bsc#1246306)
References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 SP7
apache2

Package

Name
apache2
Purl
pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.62-150700.4.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "apache2-prefork": "2.4.62-150700.4.3.1",
            "apache2": "2.4.62-150700.4.3.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02685-1.json"
apache2-prefork

Package

Name
apache2-prefork
Purl
pkg:rpm/suse/apache2-prefork&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.62-150700.4.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "apache2-prefork": "2.4.62-150700.4.3.1",
            "apache2": "2.4.62-150700.4.3.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02685-1.json"
SUSE:Linux Enterprise Module for Package Hub 15 SP7
apache2-event

Package

Name
apache2-event
Purl
pkg:rpm/suse/apache2-event&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.62-150700.4.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "apache2-event": "2.4.62-150700.4.3.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02685-1.json"
SUSE:Linux Enterprise Module for Server Applications 15 SP7
apache2-devel

Package

Name
apache2-devel
Purl
pkg:rpm/suse/apache2-devel&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.62-150700.4.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "apache2-utils": "2.4.62-150700.4.3.1",
            "apache2-devel": "2.4.62-150700.4.3.1",
            "apache2-worker": "2.4.62-150700.4.3.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02685-1.json"
apache2-utils

Package

Name
apache2-utils
Purl
pkg:rpm/suse/apache2-utils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.62-150700.4.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "apache2-utils": "2.4.62-150700.4.3.1",
            "apache2-devel": "2.4.62-150700.4.3.1",
            "apache2-worker": "2.4.62-150700.4.3.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02685-1.json"
apache2-worker

Package

Name
apache2-worker
Purl
pkg:rpm/suse/apache2-worker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.62-150700.4.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "apache2-utils": "2.4.62-150700.4.3.1",
            "apache2-devel": "2.4.62-150700.4.3.1",
            "apache2-worker": "2.4.62-150700.4.3.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02685-1.json"