AXSA:2019-3830:01

Release date:
2019/04/11 Thursday - 20:02
Title:
httpd24-httpd-2.4.34-7.AXS4.1
Affected channels:
Asianux Server 4 for x86_64
Severity: 
High
Details:

The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module.

Security Fix(es):

* httpd: privilege escalation from modules scripts (CVE-2019-0211)

* mod_auth_mellon: authentication bypass in ECP flow (CVE-2019-3878)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-0211
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
CVE-2019-3878
A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.

Solution:

Update packages.
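
Added example (not part of the Asianux advisory): the fixed build is 2.4.34, which lies inside the upstream range 2.4.17 to 2.4.38 quoted above for CVE-2019-0211, so a version-banner check still flags a patched host and the package version-release has to be compared instead. The comparison is a simplified rpmvercmp (no epoch, `~` or `^` handling), and the older release string in the sample run is constructed.

```python
import re

FIXED_VR = "2.4.34-7.AXS4.1"              # fixed build named in this advisory
UPSTREAM_AFFECTED = ("2.4.17", "2.4.38")  # CVE-2019-0211 range quoted in this advisory


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp: -1, 0 or 1. Epoch, '~' and '^' are not handled."""
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def compare_vr(a: str, b: str) -> int:
    """Compare two 'version-release' strings: version first, then release."""
    ver_a, _, rel_a = a.rpartition("-")
    ver_b, _, rel_b = b.rpartition("-")
    return rpmvercmp(ver_a, ver_b) or rpmvercmp(rel_a, rel_b)


def has_fix(installed_vr: str) -> bool:
    """True if the installed httpd24-httpd build is at or past the advisory's build."""
    return compare_vr(installed_vr, FIXED_VR) >= 0


def banner_flags(upstream_version: str) -> bool:
    """What a scanner that only sees the upstream version number concludes."""
    low, high = UPSTREAM_AFFECTED
    return rpmvercmp(upstream_version, low) >= 0 and rpmvercmp(upstream_version, high) <= 0


if __name__ == "__main__":
    # Input as printed by: rpm -q --qf '%{VERSION}-%{RELEASE}\n' httpd24-httpd
    # "2.4.34-5.AXS4" is a constructed older release, not taken from the advisory.
    for vr in ("2.4.34-5.AXS4", "2.4.34-7.AXS4.1"):
        version = vr.split("-")[0]
        print(f"{vr}: banner_flags={banner_flags(version)} has_fix={has_fix(vr)}")
```
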

Additional information:

N/A

Download:

SRPMS
1. httpd24-httpd-2.4.34-7.AXS4.1.src.rpm
md5sum: 4b80a90a1728fd9100e27be6a7da0685
sha256sum: 6f3a6e00e2c066f3b4ec4d6b593e28d9280646457a1d742a2b9709311cc2e41f
Size: 6,866 Kb

Asianux Server 4.0 for x86_64
1. httpd24-httpd-2.4.34-7.AXS4.1.x86_64.rpm
md5sum: b84db1392fa140f9a983a5f10bde20f6
sha256sum: cfa04c73cd130d4e0867fc0c6522309e2d20cdb8e91d56bd2968b3f1af89110d
Size: 1,309 Kb
2. httpd24-httpd-devel-2.4.34-7.AXS4.1.x86_64.rpm
md5sum: f7f94b7b3fa7d0c90e8be697754e6ece
sha256sum: 91e9fe49b07755399c70ed39c0440610bab600f268bda52316c64f46272a6053
Size: 207 Kb
3. httpd24-httpd-manual-2.4.34-7.AXS4.1.noarch.rpm
md5sum: debbac2f2c188e3d66a4d70b45baed0d
sha256sum: 9d2adec50b4083fedd35d323bcb9280b26ec0f2c055e040eb86a98b0f7e653f7
Size: 2,458 Kb
4. httpd24-httpd-tools-2.4.34-7.AXS4.1.x86_64.rpm
md5sum: 95e02142bd506706ca0842a903db2cfa
sha256sum: c0a61f5b5c256f57e1488f4e38c4d13aa6a61499de512b2c00f49529726050a8
Size: 82 Kb
5. httpd24-mod_ldap-2.4.34-7.AXS4.1.x86_64.rpm
md5sum: a9d26679099b5617956f4731994e78a7
sha256sum: f76f90df7eb12a37ef100fa60032c3c9e6456d9ba036c785df5695b3ca34f2f6
Size: 65 Kb
6. httpd24-mod_proxy_html-2.4.34-7.AXS4.1.x86_64.rpm
md5sum: 682a956cacd370133dd6c53b42c30cc1
sha256sum: 890d623ebf5a4043424637014949480a66599d9a7fc53491f762351a5d74d22e
Size: 44 Kb
7. httpd24-mod_session-2.4.34-7.AXS4.1.x86_64.rpm
md5sum: 511963636006449db7721906602206f1
sha256sum: aa4cdb92e8c1b309416fd82ba05100535c4d376002b200b86345107e4ed7d098
Size: 51 Kb
8. httpd24-mod_ssl-2.4.34-7.AXS4.1.x86_64.rpm
md5sum: 995a689f9981bdf2e17a5001e259d66a
sha256sum: 19fc64a9001736355f27b1548128c0b74fc2e26c5f47e7453c6fea3472d9b3db
Size: 108 Kb