SUSE-SU-2025:4518-1

CVE-2025-55753: Fixed mod_md (ACME) unintended retry intervals (bsc#1254511)
CVE-2025-65082: Fixed CGI environment variable override (bsc#1254514)
CVE-2025-58098: Fixed Server Side Includes adding query string to #exec cmd=... (bsc#1254512)
CVE-2025-66200: Fixed mod_userdir+suexec bypass via AllowOverride FileInfo (bsc#1254515)

References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 SP7

apache2

Package

Name: apache2
Purl: pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.62-150700.4.9.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2": "2.4.62-150700.4.9.1",
            "apache2-prefork": "2.4.62-150700.4.9.1"
        }
    ]
}

apache2-prefork

Package

Name: apache2-prefork
Purl: pkg:rpm/suse/apache2-prefork&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.62-150700.4.9.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2": "2.4.62-150700.4.9.1",
            "apache2-prefork": "2.4.62-150700.4.9.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Package Hub 15 SP7

apache2-event

Package

Name: apache2-event
Purl: pkg:rpm/suse/apache2-event&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.62-150700.4.9.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-event": "2.4.62-150700.4.9.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Server Applications 15 SP7

apache2-devel

Package

Name: apache2-devel
Purl: pkg:rpm/suse/apache2-devel&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.62-150700.4.9.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-worker": "2.4.62-150700.4.9.1",
            "apache2-utils": "2.4.62-150700.4.9.1",
            "apache2-devel": "2.4.62-150700.4.9.1"
        }
    ]
}

apache2-utils

Package

Name: apache2-utils
Purl: pkg:rpm/suse/apache2-utils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.62-150700.4.9.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-worker": "2.4.62-150700.4.9.1",
            "apache2-utils": "2.4.62-150700.4.9.1",
            "apache2-devel": "2.4.62-150700.4.9.1"
        }
    ]
}

apache2-worker

Package

Name: apache2-worker
Purl: pkg:rpm/suse/apache2-worker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.62-150700.4.9.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-worker": "2.4.62-150700.4.9.1",
            "apache2-utils": "2.4.62-150700.4.9.1",
            "apache2-devel": "2.4.62-150700.4.9.1"
        }
    ]
}