libmicrohttpd-0.9.72-5.el9

エラータID: AXSA:2023-6766:01

Release date: 
Thursday, December 7, 2023 - 17:23
Subject: 
libmicrohttpd-0.9.72-5.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

GNU libmicrohttpd is a small C library that makes it easy to run an HTTP server as part of another application.

Security Fix(es):

* libmicrohttpd: remote DoS (CVE-2023-27371)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-27371
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.

Solution: 

Update packages.

CVEs: 
CVE-2023-27371
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.
Additional Info: 

N/A

Download: 

SRPMS
  1. libmicrohttpd-0.9.72-5.el9.src.rpm
    MD5: b2e601adc6ec1a7058d55415b12bd7a2
    SHA-256: d9fdfcf60dcf6330c2e1f30e3ebed9e38cd889847164bfafc9ac72bd11094e79
    Size: 1.63 MB

Asianux Server 9 for x86_64
  1. libmicrohttpd-0.9.72-5.el9.i686.rpm
    MD5: 5a839d1ec0274590ee4c1997fcbcdb3b
    SHA-256: a82775cb167ac048b1714750957645bf41ed6321dd4428b4cec861e618eea9b3
    Size: 88.04 kB
  2. libmicrohttpd-0.9.72-5.el9.x86_64.rpm
    MD5: 3c984d19f811e8d976f843887f9e53d0
    SHA-256: 10fbd4074c3be4fbc4da70c4bad6d4b8ba03690cc39888ce7a7b026ed0e41331
    Size: 85.25 kB
  3. libmicrohttpd-devel-0.9.72-5.el9.i686.rpm
    MD5: 619d85a54ab9859e980eeeacf564f2bb
    SHA-256: 6754a5df3c1d71ed03b20df882ba897297699c6a9b4985cd398753454a03acc6
    Size: 39.14 kB
  4. libmicrohttpd-devel-0.9.72-5.el9.x86_64.rpm
    MD5: 1944ee03b450e79423abfc2b81d7b25b
    SHA-256: 31c4c9351fd865fb697821a7cf1676f1f7d3074b84ea122988de206d1294b6f2
    Size: 39.13 kB
  5. libmicrohttpd-doc-0.9.72-5.el9.noarch.rpm
    MD5: 92a04407e12ffc55a56cda74e9d94717
    SHA-256: 1ab9e60dfd87b9bc9e04a9ee8aff8f8a9997af510a94a9d76134867777584f46
    Size: 12.66 MB