OPENSUSE-SU-2020:1285-1
Advisory lineage Upstream: 3 Downstream: 0
Published: 29 Aug 2020, 10:24
Last modified:04 Feb 2026, 04:08
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
29 Aug 2020, 10:24
Published
Vulnerability first disclosed
04 Feb 2026, 04:08
Last Modified
Vulnerability information updated
Description
Security update for apache2 This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071). - CVE-2020-11984: Fixed an information disclosure bug in mod_proxy_uwsgi (bsc#1175074). - CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070). - Solve a crash in mod_proxy_uwsgi for empty values of environment variables. (bsc#1174052) This update was imported from the SUSE:SLE-15-SP2:Update update project.
Affected Systems
- opensuse•apache2&distro=openSUSE Leap 15.2
< 2.4.43-lp152.2.3.1
References (8)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DNHWQK37E6OEGDE4U5AXBOE5FAJDEVKS/
- https://bugzilla.suse.com/1174052
- https://bugzilla.suse.com/1175070
- https://bugzilla.suse.com/1175071
- https://bugzilla.suse.com/1175074
- https://www.suse.com/security/cve/CVE-2020-11984
- https://www.suse.com/security/cve/CVE-2020-11993
- https://www.suse.com/security/cve/CVE-2020-9490