httpd:2.4 security and bug fix update
Errata ID: AXSA:2022-3552:01
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)
* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)
* httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)
* httpd: Single zero byte stack overflow in mod_auth_digest (CVE-2020-35452)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
CVE-2020-35452
Apache HTTP Server versions 2.4.0 to 2.4.46: a specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor could the Apache HTTP Server team create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow.
CVE-2021-33193
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
CVE-2021-36160
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
CVE-2021-44224
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
Modularity name: httpd
Stream name: 2.4
Update packages.
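Two checks a practitioner typically runs against an advisory like this, written here as an added example rather than as code from the advisory or from the Apache project: deciding whether an httpd version falls inside the affected upstream ranges the advisory states (both ends inclusive), and verifying a downloaded RPM against the SHA-256 digest the advisory lists. The version-to-CVE table and the two digests are copied from this page; the function names and the file path are the example's own.

```python
"""Added example for errata AXSA:2022-3552:01 (not part of the advisory).

Checks an httpd upstream version against the affected ranges the advisory
states, and verifies an RPM file against the SHA-256 digest it lists.
"""
import hashlib
import hmac
import re
from pathlib import Path

# Affected upstream ranges exactly as the advisory states them (inclusive).
AFFECTED = {
    "CVE-2020-35452": ("2.4.0", "2.4.46"),
    "CVE-2021-33193": ("2.4.17", "2.4.48"),
    "CVE-2021-36160": ("2.4.30", "2.4.48"),
    "CVE-2021-44224": ("2.4.7", "2.4.51"),
}

# SHA-256 digests copied from the advisory's package list.
ADVISORY_SHA256 = {
    "httpd-2.4.37-47.module+el8+1489+4574cac0.1.ML.1.x86_64.rpm":
        "33c31c56c3fd47c2c4481d4171324b29a46d6a5801450b4e9c0f0c99d75a003d",
    "httpd-2.4.37-47.module+el8+1489+4574cac0.1.ML.1.src.rpm":
        "b6b7866da20c255832c0c27d439554ec3f5fdbe07ef65a32177264cc60e539c4",
}


def parse_version(version):
    """'2.4.37' -> (2, 4, 37); rejects anything that is not dotted integers,
    so a release tag such as '2.4.37-47' must be split off by the caller."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(part) for part in version.split("."))


def affected_cves(version):
    """CVEs from the advisory whose inclusive upstream range contains `version`.

    Note the caveat for distribution builds: 2.4.37 is inside every range
    here, yet the advisory's 2.4.37-47 build carries the fixes as backports,
    so the upstream number alone says 'investigate', not 'vulnerable'.
    """
    v = parse_version(version)
    return sorted(
        cve for cve, (low, high) in AFFECTED.items()
        if parse_version(low) <= v <= parse_version(high)
    )


def digest_matches(data, expected_hex):
    """Constant-time comparison of sha256(data) with the advisory's digest."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_hex.lower())


def verify_rpm(path, expected_hex=None):
    """True if the file at `path` matches the advisory digest for its file name.

    `expected_hex` overrides the table lookup (useful for files not listed).
    """
    path = Path(path)
    expected = expected_hex or ADVISORY_SHA256.get(path.name)
    if expected is None:
        raise KeyError(f"{path.name} is not listed in the advisory")
    return digest_matches(path.read_bytes(), expected)


if __name__ == "__main__":
    # Constructed usage; the RPM path is a placeholder for a downloaded file.
    for v in ("2.4.10", "2.4.37", "2.4.52"):
        print(v, affected_cves(v))
    rpm = Path("httpd-2.4.37-47.module+el8+1489+4574cac0.1.ML.1.x86_64.rpm")
    if rpm.exists():
        print(rpm.name, "digest ok:", verify_rpm(rpm))
```

The version check is deliberately a first-pass filter: for a modular distribution build the release part of the NEVRA (the `-47.module+el8+...` after `2.4.37`) is what records the backported fixes, so confirm the installed release against the package names in this advisory (for example with `rpm -q httpd`) rather than stopping at the upstream version.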
N/A
SRPMS
- httpd-2.4.37-47.module+el8+1489+4574cac0.1.ML.1.src.rpm
MD5: 89d955d4bd7cac67e6cb102c605a4a0b
SHA-256: b6b7866da20c255832c0c27d439554ec3f5fdbe07ef65a32177264cc60e539c4
Size: 6.92 MB
- mod_http2-1.15.7-5.module+el8+1489+4574cac0.src.rpm
MD5: e4592a0c8c83e8e055c214d72727c4dd
SHA-256: 85776222169f0b58d634469ab2717d05662f90304954905b90479b4395465a82
Size: 1.01 MB
- mod_md-2.0.8-8.module+el8+1489+4574cac0.src.rpm
MD5: 32dc5ae886438b391914ca7bacd72664
SHA-256: 77682edfc60794c23e0f4adc8a8967ead7d4ccab1e7dbf27840562fd0ce41b31
Size: 635.32 kB
Asianux Server 8 for x86_64
- mod_ssl-2.4.37-47.module+el8+1489+4574cac0.1.ML.1.x86_64.rpm
MD5: 763fa0bde4b3b695c184cb8156b4ceb5
SHA-256: 3e20d2a8609315f012f910379508f4b1084b2164f12be4f513c43858198ecee9
Size: 136.47 kB
- mod_session-2.4.37-47.module+el8+1489+4574cac0.1.ML.1.x86_64.rpm
MD5: c501448bddc3cc4c6f531cc93f3dacc6
SHA-256: d2f260f10020da40e1bd230152a4ecb0f94010856b40acf7b52d6983b41868db
Size: 73.97 kB
- mod_ldap-2.4.37-47.module+el8+1489+4574cac0.1.ML.1.x86_64.rpm
MD5: 1892cc9699845e2c7fe4fda351de7ddf
SHA-256: 20e10c52d28220997d44fc0ce1523c6fc47f9248ea855dfdf5783e5104b21840
Size: 85.15 kB
- httpd-debugsource-2.4.37-47.module+el8+1489+4574cac0.1.ML.1.x86_64.rpm
MD5: 6ff4473e1dc75e6f87de6c016075ac23
SHA-256: ca04fe926c3a666a54cb5f7484cbaacaed39cbd2973d44326b5b410dce0000ec
Size: 1.45 MB
- httpd-tools-2.4.37-47.module+el8+1489+4574cac0.1.ML.1.x86_64.rpm
MD5: 1ca09706d7539300fe91c6815a6caffe
SHA-256: 3ce015c3a525914ed47aa03f4ce685389fd4fe4cc1280dd5d2c66c056d6bf4eb
Size: 107.06 kB
- httpd-devel-2.4.37-47.module+el8+1489+4574cac0.1.ML.1.x86_64.rpm
MD5: cb28098ce69fe29d333306749b258018
SHA-256: bbcbe8a6d8d4d82e3c0164580fe0133a1f4c279710b5ef571c9d063554cd2928
Size: 222.93 kB
- httpd-2.4.37-47.module+el8+1489+4574cac0.1.ML.1.x86_64.rpm
MD5: 2ae460aeefaa747181bc6ade67d42817
SHA-256: 33c31c56c3fd47c2c4481d4171324b29a46d6a5801450b4e9c0f0c99d75a003d
Size: 1.41 MB
- mod_proxy_html-2.4.37-47.module+el8+1489+4574cac0.1.ML.1.x86_64.rpm
MD5: 089dd721ecf3cdcb00bb7adbdad8aae6
SHA-256: 784ede58735bf2206e024ba120dfd59204cbd3aa4a2e3a739a2c9788f017b8bc
Size: 62.27 kB
- httpd-manual-2.4.37-47.module+el8+1489+4574cac0.1.ML.1.noarch.rpm
MD5: acbeb88ff47974dd405f0f36f6aaee1e
SHA-256: 2c485d2672f6b7411583f1de4d1fb67635de2c64a2df3702a5a221f4bccbfd66
Size: 2.38 MB
- httpd-filesystem-2.4.37-47.module+el8+1489+4574cac0.1.ML.1.noarch.rpm
MD5: 9f9e4dd6f0ae34918705290ee4820ee5
SHA-256: 249d90f8b614bf4f407c0a3c7a87b605c6ca76496a23e52826be9faabed0d736
Size: 39.85 kB
- mod_http2-1.15.7-5.module+el8+1489+4574cac0.x86_64.rpm
MD5: cd3e3fb3d739824de5356fb5d4bc2c07
SHA-256: 10374d23735beaf1d79e96a77207160ae61240256ff53cf123d2a42831533b9a
Size: 153.30 kB
- mod_http2-debugsource-1.15.7-5.module+el8+1489+4574cac0.x86_64.rpm
MD5: 8b92598eb75b67d3df2a11e5504ca2a6
SHA-256: 3fdae4373d2625b52117f060c7928f228749bf435ee992e1359a30fd1f3ee08a
Size: 146.76 kB
- mod_md-debugsource-2.0.8-8.module+el8+1489+4574cac0.x86_64.rpm
MD5: 4330d5468888151864772cff151edf7c
SHA-256: b299e854efbdbff62c985a45c07b2c5ccb500dcca3d224c47fca70b426816380
Size: 126.24 kB
- mod_md-2.0.8-8.module+el8+1489+4574cac0.x86_64.rpm
MD5: 0d56b42917ad78622d563cd270400b53
SHA-256: e853bb44e53a4c0981a8d424e883e033f19c50f12ecc0390c971d8fac204e5ea
Size: 183.57 kB