httpd:2.4 security update

エラータID: AXSA:2022-3019:01

Release date: 
Wednesday, January 26, 2022 - 06:02
Subject: 
httpd:2.4 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-44790
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

Modularity name: httpd
Stream name: 2.4

Solution: 

Update packages.

CVEs: 
CVE-2021-44790
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
Additional Info: 

N/A

Download: 

SRPMS
  1. httpd-2.4.37-43.module+el8+1387+fd72f2f7.1.ML.1.src.rpm
    MD5: b91ac4d29e132682e8367da6ce1b7ed5
    SHA-256: eafce732fd086aeb848fc5e578f12f6c223eef65f3c20486f56c8ce27357dadd
    Size: 6.91 MB
  2. mod_http2-1.15.7-3.module+el8+1387+fd72f2f7.src.rpm
    MD5: 7bc69098f9f22d4822a3eadec2e35094
    SHA-256: 5a2b20dcbcc54b80168f1cb6ef852da5fc0064333eceae38f753e7188e76bb54
    Size: 1.01 MB
  3. mod_md-2.0.8-8.module+el8+1387+fd72f2f7.src.rpm
    MD5: d2317b2a930515ada9fada4410d5de85
    SHA-256: 8dc6edd7024251c83612ddf59153965d081bf91c6e83590dcec7fd10c441a885
    Size: 635.34 kB

Asianux Server 8 for x86_64
  1. httpd-2.4.37-43.module+el8+1387+fd72f2f7.1.ML.1.x86_64.rpm
    MD5: 00e4f77abb213ede36cb5655c9bd7457
    SHA-256: b77c0063bf8695d1761cb6de0aa46ea9a480bb16807bb68d46350669ff213eed
    Size: 1.41 MB
  2. httpd-debugsource-2.4.37-43.module+el8+1387+fd72f2f7.1.ML.1.x86_64.rpm
    MD5: 51cb6e5302a07e9f772bc223dcb6c7a5
    SHA-256: dd7103cc8a55224a2c41da0783b8c62dbdb088d8995badcc39570655165e5fe0
    Size: 1.44 MB
  3. httpd-devel-2.4.37-43.module+el8+1387+fd72f2f7.1.ML.1.x86_64.rpm
    MD5: 0975efd9c4d82209a29bf2738bcf509d
    SHA-256: f45678806ac07b0a93ddd9cf0543dd367118511ad5c0c7f7be48f3f7a70e6db5
    Size: 221.34 kB
  4. httpd-filesystem-2.4.37-43.module+el8+1387+fd72f2f7.1.ML.1.noarch.rpm
    MD5: 8863b53fb7ecc5bb8c5f21953ee8dc66
    SHA-256: 215c00209fb805a80abe0d0921a8b355185454a18c194199369944c58fcd7482
    Size: 38.68 kB
  5. httpd-manual-2.4.37-43.module+el8+1387+fd72f2f7.1.ML.1.noarch.rpm
    MD5: a72c68771705d32f112cea97d41f6915
    SHA-256: c55403d4c1b220f911c1e2bcdb1d01a8311ba2a6a58669168a52235384faa8d4
    Size: 2.37 MB
  6. httpd-tools-2.4.37-43.module+el8+1387+fd72f2f7.1.ML.1.x86_64.rpm
    MD5: 43a27da22688283bb3e099954b7a0c05
    SHA-256: ca796fcea9b782a5ceae8f5977705ea3a7c331f08b06ba64b8c52cd7b3a03f9b
    Size: 105.79 kB
  7. mod_ldap-2.4.37-43.module+el8+1387+fd72f2f7.1.ML.1.x86_64.rpm
    MD5: a0c87799567a3db508f87315839a819b
    SHA-256: 3b8f9cc85ebf8172bdfc0e64331f6f769e9a53644368659d0e9ef486bd21a256
    Size: 83.99 kB
  8. mod_proxy_html-2.4.37-43.module+el8+1387+fd72f2f7.1.ML.1.x86_64.rpm
    MD5: 23fbcf745634e89f395f740b8f333606
    SHA-256: 86b3ef2b93dbcff7e390cc6e0a640efc0edea888e3c253da98bcda31f67aa873
    Size: 61.07 kB
  9. mod_session-2.4.37-43.module+el8+1387+fd72f2f7.1.ML.1.x86_64.rpm
    MD5: fe66a132381185f8279c949728a81b5d
    SHA-256: 557ef7973ab87468dc297d56bf42c98cf25096a379731c4f4622f946d6253f49
    Size: 72.73 kB
  10. mod_ssl-2.4.37-43.module+el8+1387+fd72f2f7.1.ML.1.x86_64.rpm
    MD5: 63741db0a2c75c955a776df0522e55b5
    SHA-256: d137592214d25105f1d609d1ba279357b5b71f0c82314359647561c6ceb8b6ff
    Size: 135.30 kB
  11. mod_http2-1.15.7-3.module+el8+1387+fd72f2f7.x86_64.rpm
    MD5: 064655da9acc85fcfbb46a2cddd7571e
    SHA-256: 08765fb90dff4c5da88743b02b7c549c9c8b6bf246e3df3bae9bd98ddf67f558
    Size: 153.14 kB
  12. mod_http2-debugsource-1.15.7-3.module+el8+1387+fd72f2f7.x86_64.rpm
    MD5: da733d71d1d5f9ea9e55d5d4a925c2d0
    SHA-256: b4d6bf67c33e2a9120845acecc90a22c1e29e213e8a0458feffeeec0864f7f5f
    Size: 146.92 kB
  13. mod_md-2.0.8-8.module+el8+1387+fd72f2f7.x86_64.rpm
    MD5: edbd85fa8d5be512cac77e4f325a5f43
    SHA-256: 5b6c6d6d1ebdb0403543740f87cf57811ec9069e5c4f63d762d43a607c2c5ae8
    Size: 183.63 kB
  14. mod_md-debugsource-2.0.8-8.module+el8+1387+fd72f2f7.x86_64.rpm
    MD5: 5d5e4acfce6ac5be6a32c053f7c9f1b0
    SHA-256: e5c8a236b42434017af33174885a5e1100a2c41a0cfa72a1b7bd137f5865c813
    Size: 126.25 kB