httpd:2.4 security update
エラータID: AXSA:2020-846:01
リリース日:
2020/11/02 Monday - 10:13
題名:
httpd:2.4 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Apache HTTP サーバーは HTTP/2 リクエスト内の 'Cache-Digest'ヘッダーに巧妙に細工された値を設定されると、
サーバーがリソースを HTTP/2 PUSH しようとしたときにクラッシュを引き起こす脆弱性があります。HTTP/2 機能を
"H2Push off" に設定すると、この脆弱性を軽減できます。(CVE-2020-9490)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-9490
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
追加情報:
N/A
ダウンロード:
SRPMS
- httpd-2.4.37-21.0.1.module+el8+137+0663b471.src.rpm
MD5: 54070f0caf1a6fc569abd258ab2f027f
SHA-256: 2705935070816599914e4f30df0ce850adf4ba57398dd3391999336294e8b172
Size: 6.84 MB - mod_http2-1.11.3-3.module+el8+137+0663b471.1.src.rpm
MD5: b00869dc760a7699fdaeed8cf83a0ced
SHA-256: 107a2bd030a10599668c2b23b271a5f2e1897569d493a9b3dc2cdf9b061ff5bd
Size: 1.00 MB - mod_md-2.0.8-7.module+el8+137+0663b471.src.rpm
MD5: 67b8cb04d6901b88994b794a29cbefa1
SHA-256: 5276145f9305563a74df451fb3bfc25deddd19eed83f520639fd03cc839b055d
Size: 634.31 kB
Asianux Server 8 for x86_64
- httpd-2.4.37-21.0.1.module+el8+137+0663b471.x86_64.rpm
MD5: aed09be90bc7b2269b2e967ffdcec9a6
SHA-256: 317575206e087d15cea9d11638f5914afae62ef525c1e1c9fdb7bfd361ffa0e3
Size: 1.40 MB - httpd-devel-2.4.37-21.0.1.module+el8+137+0663b471.x86_64.rpm
MD5: 1e74ecce2b5d27fa73f0c9fc73ce8d15
SHA-256: 7f3c573294ee4fc24925e14c076c26e04193a1ee888918440229d4da4fb19085
Size: 217.05 kB - httpd-filesystem-2.4.37-21.0.1.module+el8+137+0663b471.noarch.rpm
MD5: 618bded152ac74056d418a41234239c0
SHA-256: 1068bc5b84697184f22b53aa9ce40dbbe3bf992ddf9f352a85037278198b0acb
Size: 34.68 kB - httpd-manual-2.4.37-21.0.1.module+el8+137+0663b471.noarch.rpm
MD5: 7308d0733f89d3cbe28e1c50867c54e4
SHA-256: e0084be6b97945b402b580eecef8c00800fe348aef64c0c1aa0d4c0318bca586
Size: 2.37 MB - httpd-tools-2.4.37-21.0.1.module+el8+137+0663b471.x86_64.rpm
MD5: 367d3477855f17854994e6d8060f4f69
SHA-256: d9c27a123d39ab9c3371b652fc7ee39feffa7a9aff85dce59a8b6d906205391a
Size: 101.92 kB - mod_ldap-2.4.37-21.0.1.module+el8+137+0663b471.x86_64.rpm
MD5: 41feb3da5acd402396ab95be2e2c1019
SHA-256: 080c376d23d6ec49f1966bd49d51b7807c7229814df5d3475dba56b8a3d7cb0d
Size: 80.12 kB - mod_proxy_html-2.4.37-21.0.1.module+el8+137+0663b471.x86_64.rpm
MD5: add37cfc0f82b73a1a1494a2f21207cf
SHA-256: da7e357234b6053b38b6f2f1e7c67c334de57e14723222fdb56ec22d813cc22f
Size: 57.03 kB - mod_session-2.4.37-21.0.1.module+el8+137+0663b471.x86_64.rpm
MD5: eaa8da9a8a8b368ecb07f76b1da4e373
SHA-256: 07341982316b482d2f3448048191dce75562eb625b6d6b334bd8f9d60f19e4ae
Size: 68.54 kB - mod_ssl-2.4.37-21.0.1.module+el8+137+0663b471.x86_64.rpm
MD5: c22f3b2658934ed75b3cbd47a0b0698d
SHA-256: a0af5c943ce5010a87ef589ddf70a8e4b583e419489d097e351a673e2d9bfedc
Size: 130.55 kB - mod_http2-1.11.3-3.module+el8+137+0663b471.1.x86_64.rpm
MD5: 976544dffebb4cf34d83c2eed57f0331
SHA-256: 79a7bb455b74e4780fbf5d8f67abf6ae808e36f5a2fedf676a532065d7e52b55
Size: 155.14 kB - mod_md-2.0.8-7.module+el8+137+0663b471.x86_64.rpm
MD5: b0bc89df9cedc90b54b98299088b799a
SHA-256: 01075acdded89eae5dac3b892aec8cb6d0615dca5d21f8c06b5a0c337d50c098
Size: 183.53 kB