TTCSIRT-313.050420: TT-CSIRT ADVISORY – SUSE SECURITY UPDATE FOR APACHE2
Suse has released security update for Apache2 to address three vulnerabilities such as CVE-2020-1927, CVE-2020-1934 and CVE-2020-1938. This update fixes the following issues:
- CVE-2020-1927: mod_rewrite configurations vulnerable to open redirect (bsc#1168407).
- CVE-2020-1934: mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server (bsc#1168404).
- CVE-2020-1938: mod_proxy_ajp: Add “secret” parameter to proxy workers to implement legacy AJP13 authentication (bsc#1169066).
TTCSIRT encourages users and administrators to review the Suse Security Update and apply the necessary updates:
https://www.suse.com/support/update/announcement/2020/suse-su-20201126-1/