httpd:2.4 security update

エラータID: AXSA:2021-2541:01

Release date: 
Thursday, November 11, 2021 - 12:59
Subject: 
httpd:2.4 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and
extensible web server.

Security Fix(es):

httpd: mod_session: NULL pointer dereference when parsing Cookie header
(CVE-2021-26690)
httpd: Unexpected URL matching with 'MergeSlashes OFF' (CVE-2021-30641)

httpd: Regression of CVE-2021-40438 and CVE-2021-26691 fixes in MIRACLE
LINUX 8.4 (CVE-2021-20325)

CVE(s):
CVE-2021-26690
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
CVE-2021-30641
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
CVE-2021-20325
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Modularity name: httpd
Stream name: 2.4

Solution: 

Update packages.

CVEs: 
CVE-2021-20325
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-26690
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
CVE-2021-30641
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
Additional Info: 

N/A

Download: 

SRPMS
  1. httpd-2.4.37-39.module+el8+1317+f58cada6.1.ML.2.src.rpm
    MD5: 80ad9b641a430cfecd311a9606f6e91d
    SHA-256: 70c5bcdf0b58e3f9da1f8d0861710274fbd4233aabbad6fea8d56f7ece020ca0
    Size: 6.89 MB
  2. mod_http2-1.15.7-3.module+el8+1317+f58cada6.src.rpm
    MD5: d0efa74ed124b4f01f8ff9b4f10513f5
    SHA-256: 4f47172f27f5040aa6ed7d65b0f81b6890baa9738ef1be1e3b420e2fdb2807dc
    Size: 1.01 MB
  3. mod_md-2.0.8-8.module+el8+1317+f58cada6.src.rpm
    MD5: 168f658343f300d02590514bc758df38
    SHA-256: 7e77c16bf978fa168ebaa5981a177339e0a06defbfe3a7690a12d147d309c504
    Size: 635.34 kB

Asianux Server 8 for x86_64
  1. httpd-2.4.37-39.module+el8+1317+f58cada6.1.ML.2.x86_64.rpm
    MD5: e82783474f6aa0b394954b24fdac1d91
    SHA-256: 17f9bed942571cb86a0cac8ca1a2e7f3133068028231f3c1038842309fe1aa05
    Size: 1.40 MB
  2. httpd-debugsource-2.4.37-39.module+el8+1317+f58cada6.1.ML.2.x86_64.rpm
    MD5: 2e559a1096c2eefab9ba0b9d707d90cd
    SHA-256: aae830a649e2cf9116814c61b389728aa1a395e55e150165c77e9c72b52adf45
    Size: 1.44 MB
  3. httpd-devel-2.4.37-39.module+el8+1317+f58cada6.1.ML.2.x86_64.rpm
    MD5: 54e19313290e640c45991b15667cd312
    SHA-256: 57423d801e91dfc7d162111f97b7b975e81f0c7daf9a80425dde9dc2ba5194d2
    Size: 220.47 kB
  4. httpd-filesystem-2.4.37-39.module+el8+1317+f58cada6.1.ML.2.noarch.rpm
    MD5: 01ceab3e04e377cb0af377b7c2750b89
    SHA-256: 7c5f2de5a70459cf257bfb793ee5b21d71b5728b7de080402b63b97506577f2e
    Size: 37.82 kB
  5. httpd-manual-2.4.37-39.module+el8+1317+f58cada6.1.ML.2.noarch.rpm
    MD5: 41c967678b7fbf45939cca93a59934b1
    SHA-256: 2ad2ad81667e097aab1ca5ce17c047f8ab7287d19dadec2637deace8c8c2801d
    Size: 2.37 MB
  6. httpd-tools-2.4.37-39.module+el8+1317+f58cada6.1.ML.2.x86_64.rpm
    MD5: ff89dc8e5e34ca9cc9150152ccd674ee
    SHA-256: c9448dcbb3c1f7a299837fc889e2d961335234b4ddcaab2819b4c414e3fbb7ff
    Size: 105.14 kB
  7. mod_ldap-2.4.37-39.module+el8+1317+f58cada6.1.ML.2.x86_64.rpm
    MD5: 6e34317fedb695bf7eaab6a57e1a3317
    SHA-256: 28bbc280f85acd6e883bf032341456fc7f2713241f40e0f9c526b19692db69a4
    Size: 83.10 kB
  8. mod_proxy_html-2.4.37-39.module+el8+1317+f58cada6.1.ML.2.x86_64.rpm
    MD5: 337ac8ab269f037814e7bb3212dadc83
    SHA-256: b4d154f29e4481b6230a13c15d3d41df01d3e76a2a4ce75e5e29b0824d40e407
    Size: 60.21 kB
  9. mod_session-2.4.37-39.module+el8+1317+f58cada6.1.ML.2.x86_64.rpm
    MD5: 7c8a323049c19ca3cdef65138bda1cc2
    SHA-256: 278e724a2cf027a61aeffcf7f533b83eb4e0777561911b8c283c25bbe6890a3a
    Size: 71.84 kB
  10. mod_ssl-2.4.37-39.module+el8+1317+f58cada6.1.ML.2.x86_64.rpm
    MD5: c3da7d693f6d72a1d6b8a02e2e2d0b74
    SHA-256: eb5bdc4f6c83b9d0e3d5ab500ec4123ffffac9df2c80297b7dac637b8a4aaaab
    Size: 133.78 kB
  11. mod_http2-1.15.7-3.module+el8+1317+f58cada6.x86_64.rpm
    MD5: 6f4ab2deaa5bb039a6816ed10731f8a8
    SHA-256: fcdb9b17b4107cbf406811a8b58bae9559a29edaf2faad4e97b99f759a1be72c
    Size: 153.12 kB
  12. mod_http2-debugsource-1.15.7-3.module+el8+1317+f58cada6.x86_64.rpm
    MD5: 958333358fb5aee5dfbaee012c59cc01
    SHA-256: 35a65a8742f4a69268fbc58b6745b9710a742d56c98007ce0bc8688bde69991e
    Size: 146.92 kB
  13. mod_md-2.0.8-8.module+el8+1317+f58cada6.x86_64.rpm
    MD5: 7b79b57187b9a7fffeee5a7062a48c64
    SHA-256: aa60c2029ee627230abee3cd7d8dd16ba08f1a321f05f1b6904e0b36b973adde
    Size: 183.59 kB
  14. mod_md-debugsource-2.0.8-8.module+el8+1317+f58cada6.x86_64.rpm
    MD5: 09877811470a0c51e57b8133a6d1bd6e
    SHA-256: dc1d68f253bb641a067a866d7fee9115d82d3390f1513805c520926b518e7865
    Size: 126.25 kB