httpd-2.4.6-89.0.1.el7.AXS7

エラータID: AXSA:2019-3965:02

Release date: 
Wednesday, August 7, 2019 - 02:25
Subject: 
httpd-2.4.6-89.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-1312
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.

Solution: 

Update packages.

CVEs: 
CVE-2018-1312
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.
Additional Info: 

N/A

Download: 

SRPMS
  1. httpd-2.4.6-89.0.1.el7.AXS7.src.rpm
    MD5: ed69277610efed2dfc436cbf931aabb5
    SHA-256: fa37c331eb8914753c609270350d7b3eb346fd9bb86d3a53fe74f4d99bc79d75
    Size: 4.95 MB

Asianux Server 7 for x86_64
  1. httpd-2.4.6-89.0.1.el7.AXS7.x86_64.rpm
    MD5: 9feee015a90a9d2f5e2923dc1abdb1d0
    SHA-256: e8dffe42eee68ea34f4373793726220f0011031a13b81f375d0df75879f259cb
    Size: 1.19 MB
  2. httpd-devel-2.4.6-89.0.1.el7.AXS7.x86_64.rpm
    MD5: 4079f16252a7b4672bbc9668e42f0416
    SHA-256: 4c93bd8714fb04c7c900c9ba5c8c4895eab9b126969c9eec4b008e6b77ae2d54
    Size: 195.61 kB
  3. httpd-manual-2.4.6-89.0.1.el7.AXS7.noarch.rpm
    MD5: 807fb0cf9b43779e470032c506f397d2
    SHA-256: 015ddbd36842d04aa84932c2a5f67f763577d7f0437017a09b6bb32f2c6d3769
    Size: 1.34 MB
  4. httpd-tools-2.4.6-89.0.1.el7.AXS7.x86_64.rpm
    MD5: 9d1e914838a61cde52846d0d4e37dd7e
    SHA-256: 58f6cc856eaa9cd26a6bde9fc9a3b276871bd3d4bbea2d91c2360ef25a743765
    Size: 89.62 kB
  5. mod_session-2.4.6-89.0.1.el7.AXS7.x86_64.rpm
    MD5: 6feac53824f042fe5596f6242fa567a7
    SHA-256: dd92104cc80719be3ee2966fbc33258314f7c9843d871023fae6befdb173ca2c
    Size: 59.86 kB
  6. mod_ssl-2.4.6-89.0.1.el7.AXS7.x86_64.rpm
    MD5: 495ecb1950a88103bfde5b68568cc789
    SHA-256: 4b9033e9caa12d21b1fc791f67b4d58ea8a422a18d3799a621c2103dc5d1eab4
    Size: 111.25 kB