httpd:2.4 security update

エラータID: AXSA:2021-2483:01

Release date: 
Sunday, October 17, 2021 - 01:42
Subject: 
httpd:2.4 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" (CVE-2021-40438)
* httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-26691
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
CVE-2021-40438
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

Modularity name: httpd
Stream name: 2.4

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. httpd-2.4.37-39.module+el8+1309+7e76fef5.1.ML.1.src.rpm
    MD5: fd5a3c7b60ecebc6f772f6876823697c
    SHA-256: 065d76f6a07789fa4df09293cb564ca8cd68f07cf9abe4d6c0182c820332ee5f
    Size: 6.89 MB
  2. mod_http2-1.15.7-3.module+el8+1309+7e76fef5.src.rpm
    MD5: e57fffb590264d82d59774b43c9b3345
    SHA-256: 50e834aed051743dc4362356da0bfa7fbe3b8197ea2637ccef523b3813877e01
    Size: 1.01 MB
  3. mod_md-2.0.8-8.module+el8+1309+7e76fef5.src.rpm
    MD5: 28163409cafcd7c0d404ebeb444c98dc
    SHA-256: b22bc174574cd5083006868ba1fe6d4002ef967a4913ddea969d95e2babe50da
    Size: 635.34 kB

Asianux Server 8 for x86_64
  1. httpd-2.4.37-39.module+el8+1309+7e76fef5.1.ML.1.x86_64.rpm
    MD5: 9572a50efa81c891194a4b06da6e0e92
    SHA-256: ea28b6f52df9fa50515b09dc3a320a8bf357ad02a65f3f813a598fc97b4e33d7
    Size: 1.40 MB
  2. httpd-debugsource-2.4.37-39.module+el8+1309+7e76fef5.1.ML.1.x86_64.rpm
    MD5: 59b2bf6fe545df3a84793e2e00441774
    SHA-256: 1264b1395adaaa650be42c27511d1e89b6f4c099ecd163f23c045dc4c679443f
    Size: 1.44 MB
  3. httpd-devel-2.4.37-39.module+el8+1309+7e76fef5.1.ML.1.x86_64.rpm
    MD5: f40cea8432e58cd1a99c609a2cf257c0
    SHA-256: 6ed64657d943e6211b6a2faffc6002e5717f4424a48dfcf4bc44802faad095d8
    Size: 220.32 kB
  4. httpd-filesystem-2.4.37-39.module+el8+1309+7e76fef5.1.ML.1.noarch.rpm
    MD5: 768fe0c96e6e0eb9bc6b644108506746
    SHA-256: 7e127609e5b9887186d926b38c7a76185123ddc54590447184cafa332ea18c13
    Size: 37.67 kB
  5. httpd-manual-2.4.37-39.module+el8+1309+7e76fef5.1.ML.1.noarch.rpm
    MD5: bc508b1d90ea4649869a0eb694ae007c
    SHA-256: 5c2d1b3ad409c9583bfba24eec26712a7d4dd72146f12ab72ff8dd2add03db6f
    Size: 2.37 MB
  6. httpd-tools-2.4.37-39.module+el8+1309+7e76fef5.1.ML.1.x86_64.rpm
    MD5: 9df07d936e5c024d9831f567806f57de
    SHA-256: deebe2ec38cc0a13c15ee343046a9a6fe21e2241fc0665f8c8b381593f6aeecb
    Size: 104.72 kB
  7. mod_ldap-2.4.37-39.module+el8+1309+7e76fef5.1.ML.1.x86_64.rpm
    MD5: 30dabd0641b3538c21829a43c1156bc4
    SHA-256: d105c764fc22d4aabd769e0b768782ea4b615289e82adab76d2a2a7882cb4b55
    Size: 82.96 kB
  8. mod_proxy_html-2.4.37-39.module+el8+1309+7e76fef5.1.ML.1.x86_64.rpm
    MD5: 54a0ae33c7eb2076946379cebb62a7d4
    SHA-256: 1a98d96e5ab4775e90044a80c06ecac9b1fefe49bbc730d15500788430b175d8
    Size: 60.07 kB
  9. mod_session-2.4.37-39.module+el8+1309+7e76fef5.1.ML.1.x86_64.rpm
    MD5: df50b4b5f98ff94830a8e383a54d6175
    SHA-256: b1fbd7cc62354e4cbf93973f1f363f44b7b15f13b334fb9d05c268dedc551744
    Size: 71.72 kB
  10. mod_ssl-2.4.37-39.module+el8+1309+7e76fef5.1.ML.1.x86_64.rpm
    MD5: 6433bbfefcb499569faf87a56c4fa1bc
    SHA-256: 7f6ff51fc2ae75b8981846f8b72928aee54eec82fe606fc376555a7dbb47f78c
    Size: 133.63 kB
  11. mod_http2-1.15.7-3.module+el8+1309+7e76fef5.x86_64.rpm
    MD5: 2245bab8a84d4c595be887047ab039f4
    SHA-256: b3e278061c6df985fd8bb6b079308a34d8f68a313db5ba98b9d19fda56cc7fb5
    Size: 153.12 kB
  12. mod_http2-debugsource-1.15.7-3.module+el8+1309+7e76fef5.x86_64.rpm
    MD5: a050b73b4b32986fa70ab2c8af5143f0
    SHA-256: 1f4f8699ca8f319fcd3d5adaf0d8de4f7999c9a89ac4d67dbaa3e6cd451fd3dd
    Size: 146.92 kB
  13. mod_md-2.0.8-8.module+el8+1309+7e76fef5.x86_64.rpm
    MD5: 339ba194c1d5845befc5ee7753ffd128
    SHA-256: 523513c691b24cd62882fe0b91af74b71de524c57e956adae9986ae8e2710799
    Size: 183.60 kB
  14. mod_md-debugsource-2.0.8-8.module+el8+1309+7e76fef5.x86_64.rpm
    MD5: c34a7cb5bfcedeacd3c969aea2d0730a
    SHA-256: 2641991b3217e69accb96dc28a9ba2abd72ec6379333927d306c079c2d5535e3
    Size: 126.25 kB