httpd:2.4 security update

エラータID: AXSA:2024-7691:01

Release date: 
Tuesday, April 16, 2024 - 17:05
Subject: 
httpd:2.4 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: mod_http2: CONTINUATION frames DoS (CVE-2024-27316)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-27316
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.

Modularity name: "httpd"
Stream name: "2.4"

Solution: 

Update packages.

CVEs: 
CVE-2024-27316
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
Additional Info: 

N/A

Download: 

SRPMS
  1. httpd-2.4.37-62.module+el8+1743+c7f792e3.ML.1.src.rpm
    MD5: b8f964c52245ef18b73fce54423b203c
    SHA-256: 55907bdbe96c0944b32b6a11fe37380cdf55411d4999790dd4fed2fa9b74200a
    Size: 6.96 MB
  2. mod_http2-1.15.7-8.module+el8+1743+c7f792e3.5.ML.1.src.rpm
    MD5: 617ce1a341543e475c31cd1dc001e004
    SHA-256: a5545bb8e2f255ffa4800617083177e65793fdf4cf2e089ae35930da8b54c834
    Size: 1.02 MB
  3. mod_md-2.0.8-8.module+el8+1743+c7f792e3.src.rpm
    MD5: 3af703a9c0c5559f0c79ab1100120f4a
    SHA-256: 5f0f1db20fce0290a07d81984389c719b915feaefcc45532fdc9db3c722dccca
    Size: 635.32 kB

Asianux Server 8 for x86_64
  1. httpd-2.4.37-62.module+el8+1743+c7f792e3.ML.1.x86_64.rpm
    MD5: d8161613e8ab584c1e7d8c6e1fe656a7
    SHA-256: 75fa7c0c9ba7abe09e1b71cf305557365c465950294bafc1c631009ee112a85c
    Size: 1.41 MB
  2. httpd-debugsource-2.4.37-62.module+el8+1743+c7f792e3.ML.1.x86_64.rpm
    MD5: 36ecb078e846a272fd606b05af76774a
    SHA-256: 378d65f2645c30acac4b7186abd62bd9ee3c5a5174abfaa5d8349388d7f64559
    Size: 1.45 MB
  3. httpd-devel-2.4.37-62.module+el8+1743+c7f792e3.ML.1.x86_64.rpm
    MD5: a5e292fb853a169aa130f58da62080a5
    SHA-256: 52094694d462a1fd867a1a7dd8a3d7029a2abf6f705a32c5efaa2e56aee4e5c0
    Size: 226.58 kB
  4. httpd-filesystem-2.4.37-62.module+el8+1743+c7f792e3.ML.1.noarch.rpm
    MD5: b5d65e0ac96def148d20cf5a18a1b9cb
    SHA-256: 01aa9eb617eade5d3b0ad60da571148d78c6427959239323b901d85288064c49
    Size: 43.06 kB
  5. httpd-manual-2.4.37-62.module+el8+1743+c7f792e3.ML.1.noarch.rpm
    MD5: 3c7f03a81566eb205f3f91e5c0a712ce
    SHA-256: 272b2c3d218a0cfaa34ac688f1e504b1f24b7038b224c52777abedafdb910cb3
    Size: 2.38 MB
  6. httpd-tools-2.4.37-62.module+el8+1743+c7f792e3.ML.1.x86_64.rpm
    MD5: 7c4cbf31309eac275ea2cfa821d589c4
    SHA-256: 1126557fade5ce887c5f71e32a89d1a15e2568a1fdbaef1cb537fadc299e277a
    Size: 110.26 kB
  7. mod_http2-1.15.7-8.module+el8+1743+c7f792e3.5.ML.1.x86_64.rpm
    MD5: 204e017d2b438de8fb63f619a2517852
    SHA-256: e4572ae139f3a7dda2da920bcd32d333738bd50d41b9b44854a5d20db8b1fd61
    Size: 154.12 kB
  8. mod_http2-debugsource-1.15.7-8.module+el8+1743+c7f792e3.5.ML.1.x86_64.rpm
    MD5: 3c373189272b92324f3c64a159280b7b
    SHA-256: b267d519050fc6c9f3b3c7339f0b1fbdb7366e0f44d231cedd31769ddab07861
    Size: 147.71 kB
  9. mod_ldap-2.4.37-62.module+el8+1743+c7f792e3.ML.1.x86_64.rpm
    MD5: 3552d88838c8d7ba2b3ad7441d830dd7
    SHA-256: 7bb91747b8d6ab26ccb4a09e11bfa1f29db29c5261461ce605612b2dde0a8a74
    Size: 88.37 kB
  10. mod_md-2.0.8-8.module+el8+1743+c7f792e3.x86_64.rpm
    MD5: 63450a24149c09ee4770fdc07283e857
    SHA-256: 8e7843c66ed9fb82e6c5fe28005dc1f254ed496f946cc0d476ac4c9e932097b8
    Size: 183.63 kB
  11. mod_md-debugsource-2.0.8-8.module+el8+1743+c7f792e3.x86_64.rpm
    MD5: abad3067dc3e46f810590e4d0303b8e3
    SHA-256: ec053ce5d9eb200dc51cb4f1293d6a39c46bab47c8d7905df3e66cb16f0c240e
    Size: 126.24 kB
  12. mod_proxy_html-2.4.37-62.module+el8+1743+c7f792e3.ML.1.x86_64.rpm
    MD5: 11f2b6415dea085c6802a65eaabe8591
    SHA-256: 0b0554b36c95329c3f899d4fdca4d1cfce2390f4c8285e33182b371a8b3ce593
    Size: 65.46 kB
  13. mod_session-2.4.37-62.module+el8+1743+c7f792e3.ML.1.x86_64.rpm
    MD5: 44ac348acfbbe9ca2ddc7c3745c2aa80
    SHA-256: 78895b658a9d06eb3b546547178c939a94a1feb86d050a6030a89d62edbf9812
    Size: 77.17 kB
  14. mod_ssl-2.4.37-62.module+el8+1743+c7f792e3.ML.1.x86_64.rpm
    MD5: 784237270252e5f839827005d12dd4a6
    SHA-256: 937c35be915d47a8ef4a63239ff6883173211d05bb0e24e7fcd1d964903a95b0
    Size: 139.76 kB