httpd:2.4 security update
エラータID: AXSA:2022-3116:01
Release date:
Thursday, March 17, 2022 - 10:39
Subject:
httpd:2.4 security update
Affected Channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)
* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2021-34798
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-39275
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
Modularity name: httpd
Stream name: 2.4
Solution:
Update packages.
CVEs:
CVE-2021-34798
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-39275
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
Additional Info:
N/A
Download:
SRPMS
- httpd-2.4.37-43.module+el8+1401+e8b32579.2.ML.1.src.rpm
MD5: 3cce88259e41a5c62b1f1e00984d1982
SHA-256: 7ec25a467e0147a30bc3930b91c6e7800e235d1c88671f1853678e89ab5d4059
Size: 6.91 MB - mod_http2-1.15.7-3.module+el8+1401+e8b32579.src.rpm
MD5: 364c1e0d69a24b3ede036abe5b45eeef
SHA-256: 7e29b28c024eb854b918a17550527342321253bca27fa15147f2f521c49545e6
Size: 1.01 MB - mod_md-2.0.8-8.module+el8+1401+e8b32579.src.rpm
MD5: 34523dc54e300930a4db1c80080645bf
SHA-256: 3b2f2394991b949133b6cd5e1fbce3d86d6c3b4710e486fa4a7b4b21510b61a9
Size: 635.32 kB
Asianux Server 8 for x86_64
- httpd-2.4.37-43.module+el8+1401+e8b32579.2.ML.1.x86_64.rpm
MD5: 64d42ac9103d8202dcd4f658215f6408
SHA-256: fecfba43e08769ee0d89acf465bc6d60cee391d6d851da3f12df93d2bd532d79
Size: 1.41 MB - httpd-debugsource-2.4.37-43.module+el8+1401+e8b32579.2.ML.1.x86_64.rpm
MD5: d89d358d1136dd694feb35683a6179a7
SHA-256: afce6634b8b6477054f6d071148b64626dfaad1e67a72af6d121b3707b4d0934
Size: 1.44 MB - httpd-devel-2.4.37-43.module+el8+1401+e8b32579.2.ML.1.x86_64.rpm
MD5: 748a86a100cf85a058e3c8189cad6f19
SHA-256: 10b83c2df8596334080611310f23c01bd615cee4542862fe837917751cdb6016
Size: 221.59 kB - httpd-filesystem-2.4.37-43.module+el8+1401+e8b32579.2.ML.1.noarch.rpm
MD5: f02ba2a644ace7c82aa5f749ac2b31a0
SHA-256: 88efaeed6ef29ff0c5f13b91cd8908e934cb1c78b56492a20706556aedc9f4f7
Size: 38.94 kB - httpd-manual-2.4.37-43.module+el8+1401+e8b32579.2.ML.1.noarch.rpm
MD5: 3a47ff49781c76de6d1a1467b174ba0b
SHA-256: 19816d088f69443d4b41557532e4ff3c29393fba6e9910398a437543b45976e1
Size: 2.37 MB - httpd-tools-2.4.37-43.module+el8+1401+e8b32579.2.ML.1.x86_64.rpm
MD5: ee44fa82eb7ed4300f261f8002bb641c
SHA-256: faa9cbeadaa2a493623620c9baa3940b929cc9d7815b74971aadfcafdd122ca3
Size: 106.07 kB - mod_ldap-2.4.37-43.module+el8+1401+e8b32579.2.ML.1.x86_64.rpm
MD5: d9ab49d1522828ac385ecc22b4fa0618
SHA-256: 2e1fbb369d8750353bd90e0f69df25a08bfa9656fdced9a4293146b41e4d2c9a
Size: 84.24 kB - mod_proxy_html-2.4.37-43.module+el8+1401+e8b32579.2.ML.1.x86_64.rpm
MD5: 63c69ab04bc76a176635dfa80032fedb
SHA-256: 8ca3a979001e995b8bb6b1b1a956da5f423afab7cb65a851d8d98f8d1d36118a
Size: 61.34 kB - mod_session-2.4.37-43.module+el8+1401+e8b32579.2.ML.1.x86_64.rpm
MD5: aa4997adea66fdff2b82f6ffdaad6e01
SHA-256: 9d4e115b1068cf2bd8c3f6f714efa067a0e59a4493461ad9343f814a2b700955
Size: 72.99 kB - mod_ssl-2.4.37-43.module+el8+1401+e8b32579.2.ML.1.x86_64.rpm
MD5: 9b4ee5268925b10970161a04b99a34b1
SHA-256: 2ba6001d3cf1e11329a372f263fa3a7727ee89f1a74cc744a618cd5a3e83c278
Size: 135.56 kB - mod_http2-1.15.7-3.module+el8+1401+e8b32579.x86_64.rpm
MD5: ab657c034d28c95acd83e73166ff39cb
SHA-256: e46602b32e3e21b99eac507756e8d34b7727269eee981088e07ad784c3210b49
Size: 153.12 kB - mod_http2-debugsource-1.15.7-3.module+el8+1401+e8b32579.x86_64.rpm
MD5: 2db26b43beadb0c5576b71a4ec878041
SHA-256: f351297c594d2f3a43d64e28a2ade7739033780f42b654f1ad2e9eb3eeb0da1f
Size: 146.91 kB - mod_md-2.0.8-8.module+el8+1401+e8b32579.x86_64.rpm
MD5: 22d4a6f1b416dbe6f949ae3f0d7cfc3c
SHA-256: bf2dbfffa95945bac03843709044b9f28143a5e5f1963a32df896c88eeb98549
Size: 183.58 kB - mod_md-debugsource-2.0.8-8.module+el8+1401+e8b32579.x86_64.rpm
MD5: 55280245e893a7d8d17f6b9f4f8a48da
SHA-256: c5d810357561a2fdff53744f12b9458e8e23f3ffbb8606352593a9760721fb01
Size: 126.24 kB
日本語