SUSE-SU-2026:0020-1

This update for apache2 fixes the following issues:

CVE-2025-55753: Fixed mod_md (ACME) unintended retry intervals (bsc#1254511)
CVE-2025-65082: Fixed CGI environment variable override (bsc#1254514)
CVE-2025-58098: Fixed Server Side Includes adding query string to #exec cmd=... (bsc#1254512)
CVE-2025-66200: Fixed mod_userdir+suexec bypass via AllowOverride FileInfo (bsc#1254515)

apache2

SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6

Fixed in:

2.4.58-150600.5.41.1

apache2-devel

SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6

Fixed in:

2.4.58-150600.5.41.1

apache2-prefork

SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6

Fixed in:

2.4.58-150600.5.41.1

apache2-utils

SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6

Fixed in:

2.4.58-150600.5.41.1

apache2-worker

SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6

Fixed in:

2.4.58-150600.5.41.1

apache2-event

openSUSE Leap 15.6

Fixed in:

2.4.58-150600.5.41.1

apache2-manual

openSUSE Leap 15.6

Fixed in:

2.4.58-150600.5.41.1