httpd24-httpd-2.4.34-22.el7.1

エラータID: AXSA:2021-2460:01

Release date: 
Monday, October 11, 2021 - 09:49
Subject: 
httpd24-httpd-2.4.34-22.el7.1
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" (CVE-2021-40438)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-40438
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. httpd24-httpd-2.4.34-22.el7.1.src.rpm
    MD5: 4217c46197574187e890698580478080
    SHA-256: f390051556215400587ed77ffc2ed3af0e93f9d05856d96ce0a10feb1838ac7d
    Size: 6.75 MB

Asianux Server 7 for x86_64
  1. httpd24-httpd-2.4.34-22.el7.1.x86_64.rpm
    MD5: bff837c75533d28b37fdc353c06ede82
    SHA-256: 3d4bcc4a01449c3e353d73863637852353bde3385e9c6bae96dc5fb50a845867
    Size: 1.38 MB
  2. httpd24-httpd-devel-2.4.34-22.el7.1.x86_64.rpm
    MD5: 240a4b6695f4306ed3aa61181c980dfd
    SHA-256: b7acd6519d0743626ea0fb9ca7db7eb33f150c1ee2bfb600fadcaed464d5bcad
    Size: 208.86 kB
  3. httpd24-httpd-manual-2.4.34-22.el7.1.noarch.rpm
    MD5: 72f4fd6a780c3d41b9ff6adb730755c3
    SHA-256: 14af833d841cf5ec244961e64f3b7461118b5a9c5f961c4fcf03bde033355678
    Size: 2.36 MB
  4. httpd24-httpd-tools-2.4.34-22.el7.1.x86_64.rpm
    MD5: 83e0c6660d2c407b6dca94f36cc43589
    SHA-256: 0cdbf2d5a0d493addf76ab633482e527aa24304ece57a6d60a736159167809b2
    Size: 90.60 kB
  5. httpd24-mod_ldap-2.4.34-22.el7.1.x86_64.rpm
    MD5: a771659b36f2184c02cd27ad333c221b
    SHA-256: 7653e2cb8aba26b0ca53e4d7b1cb5b0566236d69a2098c3797d74a3f3666e856
    Size: 71.00 kB
  6. httpd24-mod_proxy_html-2.4.34-22.el7.1.x86_64.rpm
    MD5: 64a4a27a2f439995249df3973ceaa358
    SHA-256: 18ca0e3d08ba3bd7a5b37a5e35d9064d9033f6c119a3239770684176f804d677
    Size: 49.18 kB
  7. httpd24-mod_session-2.4.34-22.el7.1.x86_64.rpm
    MD5: c42fafb2cad1ccfabe01dacbd9b1bb38
    SHA-256: cb17da807a10f1d53b883b334d8216df1aed67b719c790f70cd9e03c96b2c9dd
    Size: 60.09 kB
  8. httpd24-mod_ssl-2.4.34-22.el7.1.x86_64.rpm
    MD5: e70edb508a875cc0449e75257beb5ab5
    SHA-256: d6a7c6d5f727f26d3a9532522e8d3ae10706b3594cbcf085132e385fcd057599
    Size: 115.36 kB