httpd-2.4.6-93.0.1.el7.AXS7
Errata ID: AXSA:2020-006:01
Release date:
2020/04/22 Wednesday - 02:22
Title:
httpd-2.4.6-93.0.1.el7.AXS7
Affected channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
- In Apache httpd's mod_authnz_ldap, when AuthLDAPCharsetConfig is configured, an Accept-Language header value of fewer than two characters causes a NUL byte to be written outside the bounds of memory; in the worst case the process crashes, causing a denial of service. (CVE-2017-15710)
- In Apache HTTP Server running in debug mode, a specially crafted request that causes the HTTP header to be read up to its size limit enables an out-of-bounds access and can crash the server. (CVE-2018-1301)
- In Apache HTTP Server, mod_session checks the session expiry time before decoding the session, so the expiry time is ignored for mod_session_cookie sessions, enabling session fixation attacks. (CVE-2018-17199)
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2017-15710
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.
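The truncation fallback described above, modelled in an added C example that is not httpd's own mod_authnz_ldap code: the charset table, the header values and the function names are constructed for illustration (httpd reads its table from AuthLDAPCharsetConfig). The point it shows is the length check: the fallback may only overwrite the third byte of a value that is actually longer than two characters, which is the check whose absence produced the out-of-bounds NUL write.

```c
#include <stddef.h>
#include <string.h>

/* Added example: a toy model of the Accept-Language charset fallback, not
   httpd's mod_authnz_ldap code. The table below is constructed for
   illustration; httpd reads its table from AuthLDAPCharsetConfig. */
static const struct {
    const char *lang;
    const char *charset;
} charset_table[] = {
    { "en", "ISO-8859-1" },
    { "ja", "ISO-2022-JP" },
    { "ru", "KOI8-R" },
};

/* Exact-match lookup of a language tag in the constructed table. */
static const char *lookup_charset(const char *lang)
{
    size_t n = sizeof charset_table / sizeof charset_table[0];
    for (size_t i = 0; i < n; i++) {
        if (strcmp(charset_table[i].lang, lang) == 0)
            return charset_table[i].charset;
    }
    return NULL;
}

/* Resolve the charset for one Accept-Language value. Returns a pointer into
   the table, or NULL when neither the full tag nor its two-character
   primary subtag is known. */
const char *charset_for_header(const char *value)
{
    char buf[64];
    size_t len = strlen(value);

    /* Work on a bounded private copy; oversized values are rejected. */
    if (len >= sizeof buf)
        return NULL;
    memcpy(buf, value, len + 1);

    const char *cs = lookup_charset(buf);
    if (cs != NULL)
        return cs;

    /* Fallback: retry with the tag cut to two characters ("en-US" -> "en").
       The CVE-2017-15710 defect was performing this cut (buf[2] = '\0')
       without checking the length first: for a value of zero or one
       characters that NUL lands beyond the string's own terminator. Only
       values longer than two characters have anything to cut. */
    if (len > 2) {
        buf[2] = '\0';
        return lookup_charset(buf);
    }
    return NULL;
}
```

A value such as "e" or an empty header now simply fails the lookup instead of triggering a write past the string; values like "fr-CA" fall back to "fr", which the constructed table does not know, and also return NULL.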
CVE-2018-1301
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.
CVE-2018-17199
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.
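The ordering problem described above, as an added C example that is a toy model and not httpd's mod_session code: the cookie format "expiry=<epoch>&data=..." and the function names are constructed for illustration. A fresh session record starts with an expiry of 0, so testing it before the cookie is decoded can never reject anything; the fixed ordering decodes first and then compares the loaded expiry against the current time.

```c
#include <stdlib.h>
#include <string.h>

/* Added example: a toy model of the mod_session expiry check, not httpd's
   own mod_session code. The cookie format "expiry=<epoch>&data=..." is
   constructed for illustration. */
typedef struct {
    const char *encoded;  /* raw cookie value as sent by the client */
    long long   expiry;   /* absolute expiry in seconds since the epoch; 0 = not loaded */
} session_rec;

/* Load the expiry from the encoded cookie. Returns 1 on success. */
static int session_decode(session_rec *z)
{
    const char *p = strstr(z->encoded, "expiry=");
    if (p == NULL)
        return 0;
    z->expiry = strtoll(p + strlen("expiry="), NULL, 10);
    return z->expiry > 0;
}

/* An expiry of 0 means "not yet loaded", so it can never count as expired. */
static int session_expired(const session_rec *z, long long now)
{
    return z->expiry != 0 && z->expiry < now;
}

/* Vulnerable ordering (the CVE-2018-17199 pattern): the expiry is tested
   before the session is decoded, while it is still 0, so an expired cookie
   is accepted. Returns 1 if the session is accepted. */
int load_session_vulnerable(const char *cookie, long long now)
{
    session_rec z = { cookie, 0 };
    if (session_expired(&z, now))
        return 0;                 /* never reached for cookie-backed sessions */
    if (!session_decode(&z))
        return 0;
    return 1;
}

/* Fixed ordering: decode first, then compare the loaded expiry to now.
   Returns 1 if the session is accepted. */
int load_session_fixed(const char *cookie, long long now)
{
    session_rec z = { cookie, 0 };
    if (!session_decode(&z))
        return 0;
    if (session_expired(&z, now))
        return 0;
    return 1;
}
```

With a cookie carrying expiry=1000 and a current time of 2000, the vulnerable order accepts the session and the fixed order rejects it; a cookie with no expiry field is rejected by the fixed order because it cannot be decoded at all.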
Additional information:
N/A
Download:
SRPMS
- httpd-2.4.6-93.0.1.el7.AXS7.src.rpm
MD5: 42bc897b66d4ac679ca386600fde1003
SHA-256: 2b708514f9a6f8006afdd0f1be83efff54eb6fa37fd834eb7e56811e6518c3f7
Size: 4.96 MB
Asianux Server 7 for x86_64
- httpd-2.4.6-93.0.1.el7.AXS7.x86_64.rpm
MD5: b61204f33eb30ead723a4e5c07d006ae
SHA-256: 63776870e9589bfd170a9c8a0d1016112b7eae21a683ada6f67d96304a2b572b
Size: 1.19 MB
- httpd-devel-2.4.6-93.0.1.el7.AXS7.x86_64.rpm
MD5: 6a251de2fa18b4457daaa4034abeb94e
SHA-256: 45131ac830a0cc1ca96ba92959cb71c4fa4389e98ff30db814b61582786e5f66
Size: 196.89 kB
- httpd-manual-2.4.6-93.0.1.el7.AXS7.noarch.rpm
MD5: 26cb0e3539a91ddfbecca8e45e38c9e2
SHA-256: adfa6870492c9f01c8c2d102ea7e1ffdd3bc36b6e3b33bee8e86c712a8fc3569
Size: 1.34 MB
- httpd-tools-2.4.6-93.0.1.el7.AXS7.x86_64.rpm
MD5: 0c56ec5aeb41a058357f89dc15de591a
SHA-256: 150e48e750e9629df3fb644121b2a74f2f256ae4f65136b03c16dc53dd722776
Size: 91.15 kB
- mod_session-2.4.6-93.0.1.el7.AXS7.x86_64.rpm
MD5: d80bfcb08a231c3e121145df798bf418
SHA-256: 8d050a9f067cb9ab7d10df2962c33200fb8000a78800d1ce3c131865519a4f53
Size: 60.96 kB
- mod_ssl-2.4.6-93.0.1.el7.AXS7.x86_64.rpm
MD5: 7494f8f3894cd80768af59d1496ae7b7
SHA-256: 69d937336693b7013ccde251681b13728046fa40086b0836c7b0354233bfd96e
Size: 112.32 kB