httpd:2.4 security, bug fix, and enhancement update

エラータID: AXSA:2021-2774:01

リリース日: 
2021/12/15 Wednesday - 08:29
題名: 
httpd:2.4 security, bug fix, and enhancement update
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

以下項目について対処しました。

[Security Fix]
- httpd には、巧妙に細工されたCookie のヘッダーを mod_session で
処理することによってサービス拒否につながるヌルポインター
デリファレンスやクラッシュを引き起こす脆弱性があります。
(CVE-2021-26690)

- httpd には Merge Slashes が OFF の場合に意図しない判定の
挙動を引き起こす脆弱性があります。(CVE-2021-30641)

Modularity name: httpd
Stream name: 2.4

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2021-26690
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
CVE-2021-30641
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. httpd-2.4.37-41.module+el8+1346+052ea7d1.ML.1.src.rpm
    MD5: 85c1e458e86d4a2b81d3a747e2e1e901
    SHA-256: 4b5b5e12909d695e51265d98551559e8314e3c9ac82734420cbc94a36f490d29
    Size: 6.90 MB
  2. mod_http2-1.15.7-3.module+el8+1346+052ea7d1.src.rpm
    MD5: 6f4c13fc9ded906716bcb8eedc7e9402
    SHA-256: c7c9786b0212fd4cec476bde846f6dd5bcf11b03c6e08f02ebba134beb702cea
    Size: 1.01 MB
  3. mod_md-2.0.8-8.module+el8+1346+052ea7d1.src.rpm
    MD5: d5e8b94b95fba863dc3dfcf522b52ca1
    SHA-256: 18f303066b7a18dd3f105bab580daf4501a553b2680498b8d31087a5bae7eb04
    Size: 635.35 kB

Asianux Server 8 for x86_64
  1. httpd-2.4.37-41.module+el8+1346+052ea7d1.ML.1.x86_64.rpm
    MD5: 638ba658a3107ab4d3221e243fb8e30c
    SHA-256: 72ab9bfd3ab437b2c260a9cb03bc756ae9e6c1c1db6e43f2458e6a3651eee505
    Size: 1.40 MB
  2. httpd-debugsource-2.4.37-41.module+el8+1346+052ea7d1.ML.1.x86_64.rpm
    MD5: a334d4bc5e1ff2802e963f0ab7832373
    SHA-256: a916048cdc1e9211a278fd5e9ea4004537b1fafeb768bd0fe624c747caa5b642
    Size: 1.44 MB
  3. httpd-devel-2.4.37-41.module+el8+1346+052ea7d1.ML.1.x86_64.rpm
    MD5: 613d17f1264e8507896ae4ccfead8a15
    SHA-256: 1f0950955b22e652bf03cbc83978cf80c128cd3d0d2574cd0ce5bc52e46eae95
    Size: 220.74 kB
  4. httpd-filesystem-2.4.37-41.module+el8+1346+052ea7d1.ML.1.noarch.rpm
    MD5: f9889154c86abee2c0d6d819245ae124
    SHA-256: a3b9265de0b4a8130c7851e5f1ca477760fd63e192110a52df663a04ff588a4f
    Size: 38.10 kB
  5. httpd-manual-2.4.37-41.module+el8+1346+052ea7d1.ML.1.noarch.rpm
    MD5: d73d93bb700ce8f6f07d9bd2f532fdf0
    SHA-256: f6d622fdd772b9b392609b6d08f671a42186426e2990070b399194c4d44a9006
    Size: 2.37 MB
  6. httpd-tools-2.4.37-41.module+el8+1346+052ea7d1.ML.1.x86_64.rpm
    MD5: ab10b3ad47a93e8c449c43e1a2fe8494
    SHA-256: 56870f308f9181edb84cf33be73af7f5a765aea2401a4288991019f5df1cec7f
    Size: 105.28 kB
  7. mod_ldap-2.4.37-41.module+el8+1346+052ea7d1.ML.1.x86_64.rpm
    MD5: 68d80a4a016385a97c6732628907c857
    SHA-256: eaee1455e8a350fe787c73e85ab6418c99388c1e12b17d833178c757279e0ea1
    Size: 83.39 kB
  8. mod_proxy_html-2.4.37-41.module+el8+1346+052ea7d1.ML.1.x86_64.rpm
    MD5: aecd2dd9cdadc43450654f9cb9b2311c
    SHA-256: 11fb5ddccf7257d7757c6e605f1ff76e849bbcd381bc08fab8f10d09b8a1f270
    Size: 60.50 kB
  9. mod_session-2.4.37-41.module+el8+1346+052ea7d1.ML.1.x86_64.rpm
    MD5: 55ceb72a059b2dad6263961edea93fb0
    SHA-256: 1571b8cdb7e4543d2ee45915697631e8b13cc533279ae9c15f602942b71f2c27
    Size: 72.13 kB
  10. mod_ssl-2.4.37-41.module+el8+1346+052ea7d1.ML.1.x86_64.rpm
    MD5: e2a3b0f4d29c90d1b3fa7a6361e6930a
    SHA-256: ec30c2c12d90d9741076aa1511b923a7087140947542d1a02ad76549a4eb7586
    Size: 134.71 kB
  11. mod_http2-1.15.7-3.module+el8+1346+052ea7d1.x86_64.rpm
    MD5: 4d90a4ff7097191cf2f8e66106ecf6d4
    SHA-256: 1e8d97f263f3290410c575b3bf76077f5c2cbb8c19badb8c1422453e7f6006b8
    Size: 153.12 kB
  12. mod_http2-debugsource-1.15.7-3.module+el8+1346+052ea7d1.x86_64.rpm
    MD5: 0d43a23070e129e1591044283cafa2e5
    SHA-256: 6a72a9d759cfc46f25fe588a66362838fb74b49921fc3020ea273b9b3d208c06
    Size: 146.92 kB
  13. mod_md-2.0.8-8.module+el8+1346+052ea7d1.x86_64.rpm
    MD5: b79af03bd0af523111c5a77fd9b16da5
    SHA-256: c1c33626bf2bf7f3ca7cd341448703d56e8e429e45e729b1c85d757771a35342
    Size: 183.57 kB
  14. mod_md-debugsource-2.0.8-8.module+el8+1346+052ea7d1.x86_64.rpm
    MD5: 66bdbcd6fd09a792d2307917ea0c2c74
    SHA-256: 06d8bb2210eced5c2d800ce6fb80990ce7629078715ffca4cf3ed69b3eee425f
    Size: 126.25 kB