httpd-2.4.6-90.0.1.el7.AXS7
エラータID: AXSA:2019-4324:03
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* httpd: mod_auth_digest: access control bypass due to race condition (CVE-2019-0217)
* httpd: URL normalization inconsistency (CVE-2019-0220)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Asianux Server 7.7 Release Notes linked from the References section.
CVE-2019-0217
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
CVE-2019-0220
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.
Update packages.
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.
N/A
SRPMS
- httpd-2.4.6-90.0.1.el7.AXS7.src.rpm
MD5: 675aa64190136d1273a5d38b534c83e4
SHA-256: 3a997b5bf39bdf568ec94912b9c63d460caa0ff37dbb80bbe1e0b99642393d96
Size: 4.95 MB
Asianux Server 7 for x86_64
- httpd-2.4.6-90.0.1.el7.AXS7.x86_64.rpm
MD5: 4f7538c22d86afd79b4b9a7653b6b127
SHA-256: 095ad3b99202a8da83285cd6ab1039f5ccb9d8b0bfbc45d6cc3d12684e538e27
Size: 1.19 MB - httpd-devel-2.4.6-90.0.1.el7.AXS7.x86_64.rpm
MD5: d9094b1b5e118725574e3fe861653716
SHA-256: 1bf9c4bce3ea7912515559c197cc2162a3e6935557b61e3c2834923b0ec4bc4c
Size: 195.97 kB - httpd-manual-2.4.6-90.0.1.el7.AXS7.noarch.rpm
MD5: 6d99258c1969998e7927c69ad01034d5
SHA-256: d97db0e69e92ac4c417d9bad2ec4a992e2c52482c3117d33a6c167ca2e804984
Size: 1.34 MB - httpd-tools-2.4.6-90.0.1.el7.AXS7.x86_64.rpm
MD5: d422cada23de50887843dcc2c53263a8
SHA-256: 45d12eeef9870cf5312c0da67dc451d323747a0bcd78c76aefa77ea047cfdaa5
Size: 89.79 kB - mod_session-2.4.6-90.0.1.el7.AXS7.x86_64.rpm
MD5: 84c3017916a068c391bee67fce65cafe
SHA-256: c2c122968f2092881ca46e8970c6d0b7335ed7dccd4bce692c642dc20846a17b
Size: 60.02 kB - mod_ssl-2.4.6-90.0.1.el7.AXS7.x86_64.rpm
MD5: 17ed4f41339b8cb49eec082a6ff1552f
SHA-256: f5316ed8e12b03793d7bb62085a4806ede344a6bc59724042bf8b944b7d9e785
Size: 111.40 kB