httpd:2.4 security update

エラータID: AXSA:2022-3749:01

Release date: 
Monday, August 29, 2022 - 08:50
Subject: 
httpd:2.4 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Low
Description: 

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: mod_proxy NULL pointer dereference (CVE-2020-13950)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-13950
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service

Modularity name: httpd
Stream name: 2.4

Solution: 

Update packages.

CVEs: 
CVE-2020-13950
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
Additional Info: 

N/A

Download: 

SRPMS
  1. httpd-2.4.37-47.module+el8+1500+87f95d5e.2.ML.1.src.rpm
    MD5: e7fd1c470b95bb82aa4e62afdbc07266
    SHA-256: cc514ee18c3a4d8481db620043908f96f78fcbc48c7ee4d1a09fc2fee9bc45d3
    Size: 6.92 MB
  2. mod_http2-1.15.7-5.module+el8+1500+87f95d5e.src.rpm
    MD5: 905b0cebdf96cdd1d7c2746a2c492570
    SHA-256: cbeb74110f1fa6409ebe5ccd1599b395c2894ab687538449f9ca9cdf17729dfe
    Size: 1.01 MB
  3. mod_md-2.0.8-8.module+el8+1500+87f95d5e.src.rpm
    MD5: 6f7480f3d151a14faff23546e3474da9
    SHA-256: d3dcf7e9f77fe27226cd742bbd62a5496ebf22c9808d2c4d758dd66b0b5e21eb
    Size: 635.32 kB

Asianux Server 8 for x86_64
  1. httpd-2.4.37-47.module+el8+1500+87f95d5e.2.ML.1.x86_64.rpm
    MD5: 64578fa648383360773104194dfcf206
    SHA-256: 7720168032307bc0f0cae14e5a2335a5572aa5dd02e51e648b0245bda87b9ee6
    Size: 1.41 MB
  2. httpd-debugsource-2.4.37-47.module+el8+1500+87f95d5e.2.ML.1.x86_64.rpm
    MD5: e74474e04b676f8470a5409855ea4ab6
    SHA-256: 567bdc729e8bc787236e0d2b3957a6c993d1b17f622c138265c3824f68f2b92e
    Size: 1.45 MB
  3. httpd-devel-2.4.37-47.module+el8+1500+87f95d5e.2.ML.1.x86_64.rpm
    MD5: 0ad1c318cd1e9153bdf1241fbf1b3dcc
    SHA-256: d9789186c3dcffa4c790387a659e4b99a4e1bb4998fb0d99a545d567c885f96e
    Size: 223.06 kB
  4. httpd-filesystem-2.4.37-47.module+el8+1500+87f95d5e.2.ML.1.noarch.rpm
    MD5: 5ca28df110c81bdd99a02a409e35245a
    SHA-256: 0a58eae2ea2ce6a33dec597c4b453307da42d43018dd1d29d8fa273d23e06e5e
    Size: 39.99 kB
  5. httpd-manual-2.4.37-47.module+el8+1500+87f95d5e.2.ML.1.noarch.rpm
    MD5: eb3d48ee50ec28fb07a0d0da1d73b9ab
    SHA-256: 96033883b90f403d244c5788d3e6acd2d3f71d6d5755cde856e5087f4ecf325b
    Size: 2.38 MB
  6. httpd-tools-2.4.37-47.module+el8+1500+87f95d5e.2.ML.1.x86_64.rpm
    MD5: b7ba5691d0b6e2d409e3f0f23602b343
    SHA-256: 91a50bbbfc4bec0ad7be2e34cae878320f2997b056c7dbbe8506bf119f2036c9
    Size: 107.20 kB
  7. mod_ldap-2.4.37-47.module+el8+1500+87f95d5e.2.ML.1.x86_64.rpm
    MD5: b687ab8e967f8e322242534d8a407d81
    SHA-256: 229ecb4068a8085633620fb4583bec89a8056de616acbe195b46fe8903a04836
    Size: 85.30 kB
  8. mod_proxy_html-2.4.37-47.module+el8+1500+87f95d5e.2.ML.1.x86_64.rpm
    MD5: 691376794ad9d5d9ca9cf863a3349e2e
    SHA-256: 5fbce6a38ef34b05fa5ab3a71291431e3c25f4e8f1bdc5f0ef3f0553d8b70f21
    Size: 62.42 kB
  9. mod_session-2.4.37-47.module+el8+1500+87f95d5e.2.ML.1.x86_64.rpm
    MD5: 6de2d874ed82b049283c9dfccd378ec3
    SHA-256: 2ad48888bc9a8513bd9783eedc472272f98f8feb1e265aed0d7ebfcad9e811ab
    Size: 74.12 kB
  10. mod_ssl-2.4.37-47.module+el8+1500+87f95d5e.2.ML.1.x86_64.rpm
    MD5: 5ee6c9be9226e3f47e615616cad5cdb9
    SHA-256: cfa48bc538d2976b18349bde5dc39721b48d6f8ae76a924b7931f9316fa4e0fe
    Size: 136.62 kB
  11. mod_http2-1.15.7-5.module+el8+1500+87f95d5e.x86_64.rpm
    MD5: c8bb91ade932f7cca70e279bc0c7af8c
    SHA-256: b43859300aed9d7047d099d9e1f1de683ac37fbe2c1792da42b023437309554f
    Size: 153.29 kB
  12. mod_http2-debugsource-1.15.7-5.module+el8+1500+87f95d5e.x86_64.rpm
    MD5: df15661a92712a655e9d42d3d3f43476
    SHA-256: ec159583451f32018cad4c361a028d5e1d97e73e38af65bde4335e316e059e23
    Size: 146.76 kB
  13. mod_md-2.0.8-8.module+el8+1500+87f95d5e.x86_64.rpm
    MD5: 6e2769d85484a107678d1e9f05714dd8
    SHA-256: 916df4b960dbc668b79ec4b913952437a260fa09071bbe93a7a2f805f733b654
    Size: 183.61 kB
  14. mod_md-debugsource-2.0.8-8.module+el8+1500+87f95d5e.x86_64.rpm
    MD5: 5298e306ac1b761ccd1a2b660cff3d4e
    SHA-256: cd4cb61b628b0cff361c7f8966617a2077268ac3298ad267f186947b5c9a7807
    Size: 126.24 kB