FERRAMENTAS LINUX: Critical Security Update: Apache2-mod_security2 Vulnerabilities Patched in openSUSE (CVE-2025-47947, CVE-2025-48866)

quinta-feira, 19 de junho de 2025

Critical Security Update: Apache2-mod_security2 Vulnerabilities Patched in openSUSE (CVE-2025-47947, CVE-2025-48866)

 

SUSE



Critical security update for openSUSE: Patch apache2-mod_security2 vulnerabilities CVE-2025-47947 and CVE-2025-48866 to prevent denial-of-service attacks. Complete installation instructions for all affected SUSE Linux distributions, including Enterprise Server, Leap, and Manager products. Learn mitigation strategies.

SUSE has released an important security update (2025:02028-1) addressing two critical vulnerabilities in the apache2-mod_security2 module for openSUSE Linux distributions. 

These vulnerabilities, identified as CVE-2025-47947 and CVE-2025-48866, could allow attackers to launch denial-of-service (DoS) attacks against web servers running this popular web application firewall module.

Vulnerability Analysis

CVE-2025-47947: SanitiseMatchedBytes DoS Vulnerability

This vulnerability exists in the sanitiseMatchedBytes function of mod_security2, where improper input validation could be exploited to crash the Apache web server process. Security researchers have confirmed that this flaw could be triggered remotely without authentication, making it particularly dangerous for internet-facing systems.

CVE-2025-48866: SanitiseArg Argument Handling Vulnerability

The second vulnerability stems from inadequate handling of excessive arguments in the sanitiseArg function. Attackers could craft malicious requests containing an unusually high number of arguments, causing resource exhaustion and service disruption.

Both vulnerabilities have been rated as important by SUSE's security team and affect multiple versions of openSUSE Leap and SUSE Linux Enterprise products.

Affected Products and Versions

The security update impacts a wide range of SUSE products, including:

  • openSUSE Leap 15.4 and 15.6

  • SUSE Linux Enterprise Server 15 SP4 and SP5 (including LTSS versions)

  • SUSE Manager products (Proxy 4.3, Retail Branch Server 4.3, Server 4.3)

  • High Performance Computing ESPOS and LTSS versions

  • Server Applications Module 15-SP6 and 15-SP7

  • SUSE Linux Enterprise Server for SAP Applications 15 SP4 and SP5

Patch Installation Instructions

To protect your systems, apply the update immediately using one of these methods:

For openSUSE Leap:

bash
# openSUSE Leap 15.4
sudo zypper in -t patch SUSE-2025-2028=1

# openSUSE Leap 15.6
sudo zypper in -t patch openSUSE-SLE-15.6-2025-2028=1

For Enterprise Environments:

bash
# SUSE Linux Enterprise Server 15 SP5 LTSS
sudo zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2028=1

# Server Applications Module 15-SP6
sudo zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-2028=1

After patching, restart your Apache service to ensure the updated module is loaded:

bash
sudo systemctl restart apache2

Verification and Post-Patch Checks

Confirm successful installation by checking the module version:

bash
httpd -M | grep security
apache2ctl -M | grep security

The patched version should report 2.9.4-150400.3.9.1 or higher. Additionally, review your Apache error logs for any unusual activity that might indicate prior exploitation attempts.

Mitigation Strategies for Unpatchable Systems

For systems that cannot be immediately updated, consider these temporary measures:

  1. Rate Limiting: Implement request rate limiting via mod_evasive or cloud-based WAF solutions

  2. Input Validation: Strengthen custom rules to filter suspicious argument patterns

  3. Load Balancing: Distribute traffic across multiple servers to minimize single-point failure impact

  4. Monitoring: Enhance logging of requests triggering SecRuleEngine operations

Enterprise Security Considerations

Organizations running business-critical web applications should:

  • Conduct vulnerability assessments for all web-facing systems

  • Update incident response plans to include mod_security-specific scenarios

  • Review SIEM rules to detect potential exploitation patterns

  • Consider deploying additional web application firewall layers

Frequently Asked Questions

Q: How critical are these vulnerabilities?

A: Both are rated as "important" by SUSE, with CVSS scores likely in the 7-8 range (high severity) due to the DoS potential.

Q: Are cloud-hosted instances affected?

A: Yes, if running unpatched versions of mod_security2 on any affected SUSE distribution.

Q: What's the performance impact of the patch?

A: The update includes optimized routines that may actually improve performance for certain workloads.

Q: Can these vulnerabilities lead to remote code execution?
A: Current analysis indicates only DoS potential, not RCE. However, service disruption can have serious business consequences.

Cezar Henrique at
Marcadores: Linux, Android, Segurança , , , , , ,

Nenhum comentário:

Postar um comentário

Assinar: Postar comentários (Atom)