httpd:2.4 security update
エラータID: AXSA:2021-2483:01
Release date:
Sunday, October 17, 2021 - 01:42
Subject:
httpd:2.4 security update
Affected Channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" (CVE-2021-40438)
* httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2021-26691
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
CVE-2021-40438
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Modularity name: httpd
Stream name: 2.4
Solution:
Update packages.
CVEs:
CVE-2021-26691
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
CVE-2021-40438
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Additional Info:
N/A
Download:
SRPMS
- httpd-2.4.37-39.module+el8+1309+7e76fef5.1.ML.1.src.rpm
MD5: fd5a3c7b60ecebc6f772f6876823697c
SHA-256: 065d76f6a07789fa4df09293cb564ca8cd68f07cf9abe4d6c0182c820332ee5f
Size: 6.89 MB - mod_http2-1.15.7-3.module+el8+1309+7e76fef5.src.rpm
MD5: e57fffb590264d82d59774b43c9b3345
SHA-256: 50e834aed051743dc4362356da0bfa7fbe3b8197ea2637ccef523b3813877e01
Size: 1.01 MB - mod_md-2.0.8-8.module+el8+1309+7e76fef5.src.rpm
MD5: 28163409cafcd7c0d404ebeb444c98dc
SHA-256: b22bc174574cd5083006868ba1fe6d4002ef967a4913ddea969d95e2babe50da
Size: 635.34 kB
Asianux Server 8 for x86_64
- httpd-2.4.37-39.module+el8+1309+7e76fef5.1.ML.1.x86_64.rpm
MD5: 9572a50efa81c891194a4b06da6e0e92
SHA-256: ea28b6f52df9fa50515b09dc3a320a8bf357ad02a65f3f813a598fc97b4e33d7
Size: 1.40 MB - httpd-debugsource-2.4.37-39.module+el8+1309+7e76fef5.1.ML.1.x86_64.rpm
MD5: 59b2bf6fe545df3a84793e2e00441774
SHA-256: 1264b1395adaaa650be42c27511d1e89b6f4c099ecd163f23c045dc4c679443f
Size: 1.44 MB - httpd-devel-2.4.37-39.module+el8+1309+7e76fef5.1.ML.1.x86_64.rpm
MD5: f40cea8432e58cd1a99c609a2cf257c0
SHA-256: 6ed64657d943e6211b6a2faffc6002e5717f4424a48dfcf4bc44802faad095d8
Size: 220.32 kB - httpd-filesystem-2.4.37-39.module+el8+1309+7e76fef5.1.ML.1.noarch.rpm
MD5: 768fe0c96e6e0eb9bc6b644108506746
SHA-256: 7e127609e5b9887186d926b38c7a76185123ddc54590447184cafa332ea18c13
Size: 37.67 kB - httpd-manual-2.4.37-39.module+el8+1309+7e76fef5.1.ML.1.noarch.rpm
MD5: bc508b1d90ea4649869a0eb694ae007c
SHA-256: 5c2d1b3ad409c9583bfba24eec26712a7d4dd72146f12ab72ff8dd2add03db6f
Size: 2.37 MB - httpd-tools-2.4.37-39.module+el8+1309+7e76fef5.1.ML.1.x86_64.rpm
MD5: 9df07d936e5c024d9831f567806f57de
SHA-256: deebe2ec38cc0a13c15ee343046a9a6fe21e2241fc0665f8c8b381593f6aeecb
Size: 104.72 kB - mod_ldap-2.4.37-39.module+el8+1309+7e76fef5.1.ML.1.x86_64.rpm
MD5: 30dabd0641b3538c21829a43c1156bc4
SHA-256: d105c764fc22d4aabd769e0b768782ea4b615289e82adab76d2a2a7882cb4b55
Size: 82.96 kB - mod_proxy_html-2.4.37-39.module+el8+1309+7e76fef5.1.ML.1.x86_64.rpm
MD5: 54a0ae33c7eb2076946379cebb62a7d4
SHA-256: 1a98d96e5ab4775e90044a80c06ecac9b1fefe49bbc730d15500788430b175d8
Size: 60.07 kB - mod_session-2.4.37-39.module+el8+1309+7e76fef5.1.ML.1.x86_64.rpm
MD5: df50b4b5f98ff94830a8e383a54d6175
SHA-256: b1fbd7cc62354e4cbf93973f1f363f44b7b15f13b334fb9d05c268dedc551744
Size: 71.72 kB - mod_ssl-2.4.37-39.module+el8+1309+7e76fef5.1.ML.1.x86_64.rpm
MD5: 6433bbfefcb499569faf87a56c4fa1bc
SHA-256: 7f6ff51fc2ae75b8981846f8b72928aee54eec82fe606fc376555a7dbb47f78c
Size: 133.63 kB - mod_http2-1.15.7-3.module+el8+1309+7e76fef5.x86_64.rpm
MD5: 2245bab8a84d4c595be887047ab039f4
SHA-256: b3e278061c6df985fd8bb6b079308a34d8f68a313db5ba98b9d19fda56cc7fb5
Size: 153.12 kB - mod_http2-debugsource-1.15.7-3.module+el8+1309+7e76fef5.x86_64.rpm
MD5: a050b73b4b32986fa70ab2c8af5143f0
SHA-256: 1f4f8699ca8f319fcd3d5adaf0d8de4f7999c9a89ac4d67dbaa3e6cd451fd3dd
Size: 146.92 kB - mod_md-2.0.8-8.module+el8+1309+7e76fef5.x86_64.rpm
MD5: 339ba194c1d5845befc5ee7753ffd128
SHA-256: 523513c691b24cd62882fe0b91af74b71de524c57e956adae9986ae8e2710799
Size: 183.60 kB - mod_md-debugsource-2.0.8-8.module+el8+1309+7e76fef5.x86_64.rpm
MD5: c34a7cb5bfcedeacd3c969aea2d0730a
SHA-256: 2641991b3217e69accb96dc28a9ba2abd72ec6379333927d306c079c2d5535e3
Size: 126.25 kB
日本語