httpd24-httpd-2.4.34-23.el7.1

エラータID: AXSA:2022-3021:01

Release date: 
Thursday, January 27, 2022 - 12:52
Subject: 
httpd24-httpd-2.4.34-23.el7.1
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-44790
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

Solution: 

Update packages.

CVEs: 
CVE-2021-44790
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
Additional Info: 

N/A

Download: 

SRPMS
  1. httpd24-httpd-2.4.34-23.el7.1.src.rpm
    MD5: 5473144763d00be82924db5de24bdb29
    SHA-256: 1b73852ec40498a0d8487dadbe75c6c01ab245e3331215c86c7204e6cc685418
    Size: 6.75 MB

Asianux Server 7 for x86_64
  1. httpd24-httpd-2.4.34-23.el7.1.x86_64.rpm
    MD5: adac0b4355132fbece79506aed8f6516
    SHA-256: 923f15677d8f1192438ab270ce76853f670f36c23bb9d06b56683a7891ff8817
    Size: 1.38 MB
  2. httpd24-httpd-devel-2.4.34-23.el7.1.x86_64.rpm
    MD5: ba1d6160fcb34db5366abe7a2b117a3e
    SHA-256: 99691cba240d34685de7e1823a1d3152b1f43615951e86d98d0f4e9fb7447c9c
    Size: 209.02 kB
  3. httpd24-httpd-manual-2.4.34-23.el7.1.noarch.rpm
    MD5: 1dc34a06bc8f897d897ec68bf257043b
    SHA-256: 4046a83c94aa7976118d1d51bd64cd9dd2bfbe28c04c6be24df5f102000468d4
    Size: 2.36 MB
  4. httpd24-httpd-tools-2.4.34-23.el7.1.x86_64.rpm
    MD5: 140245f331e588d8f94d689ce7a2d76e
    SHA-256: aaca8939eedf064a858d5fd654d7082661874c196ac3118c02497e38a9008c9d
    Size: 90.80 kB
  5. httpd24-mod_ldap-2.4.34-23.el7.1.x86_64.rpm
    MD5: 777ac5cf457e001afe80897757b633ef
    SHA-256: 8ecacff1e6a1d22c7f8b149a7ef789096d3b0e36073d44c7109640e151a69b80
    Size: 71.18 kB
  6. httpd24-mod_proxy_html-2.4.34-23.el7.1.x86_64.rpm
    MD5: 8ce1182b05508e92eb5267e1c52aba52
    SHA-256: eea867c213cebea38aad0101c041898f9ea8673f1c8e5b45eb91ad281be19000
    Size: 49.36 kB
  7. httpd24-mod_session-2.4.34-23.el7.1.x86_64.rpm
    MD5: adb590396a2afadc010e1bc9364a3fc4
    SHA-256: db0b955ee6830c05a4031f5285c6663e8d05dcef9821ff4f95ebd59957bb94a2
    Size: 60.27 kB
  8. httpd24-mod_ssl-2.4.34-23.el7.1.x86_64.rpm
    MD5: 3a2772920088a4e249b0c468ac55e8ae
    SHA-256: 43455ea93553e529d11c5400a38c1307da776cab440f007b5529fb28f590b7b6
    Size: 115.55 kB