libmicrohttpd-0.9.59-3.el8

エラータID: AXSA:2023-7100:02

Release date: 
Friday, December 22, 2023 - 09:24
Subject: 
libmicrohttpd-0.9.59-3.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

GNU libmicrohttpd is a small C library that makes it easy to run an HTTP server as part of another application.

Security Fix(es):

* libmicrohttpd: remote DoS (CVE-2023-27371)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.9 Release Notes linked from the References section.

CVE-2023-27371
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.

Solution: 

Update packages.

CVEs: 
CVE-2023-27371
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.
Additional Info: 

N/A

Download: 

SRPMS
  1. libmicrohttpd-0.9.59-3.el8.src.rpm
    MD5: 6a39295a295b44d4b071ec7e6b831eac
    SHA-256: 642b62cea6795ecfb794b593b7946cfb2273f77ff44d20c3c7a1afba236694ad
    Size: 1.35 MB

Asianux Server 8 for x86_64
  1. libmicrohttpd-0.9.59-3.el8.i686.rpm
    MD5: e78a7e3b0b19dc038ba6f91641fa8703
    SHA-256: 0256f9cebb82cc9c0a544a7bacfbb9404efa4c52e84a71c2e3be31ef648b0b22
    Size: 84.50 kB
  2. libmicrohttpd-0.9.59-3.el8.x86_64.rpm
    MD5: 553106bfa0f20a72a2d3b1bd850a73d4
    SHA-256: 1e0e063eb13a144f5f8b1334e602e4ac1a85fb7ff553d5719ada05d9915e7be5
    Size: 79.75 kB
  3. libmicrohttpd-devel-0.9.59-3.el8.i686.rpm
    MD5: 9841b1300e8e55cd53344dc939477204
    SHA-256: 19a0ba19d262efbed35b5cd78e656f5245053f487ba5e71ad0ef169556b60e12
    Size: 43.66 kB
  4. libmicrohttpd-devel-0.9.59-3.el8.x86_64.rpm
    MD5: c61b52eb66b9b7ac0daa523215a2496f
    SHA-256: 9a4508294efc3783fa73ef6ca5d5d65914e432a3791ce34f8845eb9204a52ea8
    Size: 43.64 kB
  5. libmicrohttpd-doc-0.9.59-3.el8.noarch.rpm
    MD5: 9c6c39df0c4389cfd0cffdfa18cf04aa
    SHA-256: 569d1e2e32132483343806716608e661f466691b9e811f58ce13f71b739ce517
    Size: 7.36 MB