httpd:2.4 security, bug fix, and enhancement update
エラータID: AXSA:2021-2774:01
リリース日:
2021/12/15 Wednesday - 08:29
題名:
httpd:2.4 security, bug fix, and enhancement update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- httpd には、巧妙に細工されたCookie のヘッダーを mod_session で
処理することによってサービス拒否につながるヌルポインター
デリファレンスやクラッシュを引き起こす脆弱性があります。
(CVE-2021-26690)
- httpd には Merge Slashes が OFF の場合に意図しない判定の
挙動を引き起こす脆弱性があります。(CVE-2021-30641)
Modularity name: httpd
Stream name: 2.4
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2021-26690
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
CVE-2021-30641
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
追加情報:
N/A
ダウンロード:
SRPMS
- httpd-2.4.37-41.module+el8+1346+052ea7d1.ML.1.src.rpm
MD5: 85c1e458e86d4a2b81d3a747e2e1e901
SHA-256: 4b5b5e12909d695e51265d98551559e8314e3c9ac82734420cbc94a36f490d29
Size: 6.90 MB - mod_http2-1.15.7-3.module+el8+1346+052ea7d1.src.rpm
MD5: 6f4c13fc9ded906716bcb8eedc7e9402
SHA-256: c7c9786b0212fd4cec476bde846f6dd5bcf11b03c6e08f02ebba134beb702cea
Size: 1.01 MB - mod_md-2.0.8-8.module+el8+1346+052ea7d1.src.rpm
MD5: d5e8b94b95fba863dc3dfcf522b52ca1
SHA-256: 18f303066b7a18dd3f105bab580daf4501a553b2680498b8d31087a5bae7eb04
Size: 635.35 kB
Asianux Server 8 for x86_64
- httpd-2.4.37-41.module+el8+1346+052ea7d1.ML.1.x86_64.rpm
MD5: 638ba658a3107ab4d3221e243fb8e30c
SHA-256: 72ab9bfd3ab437b2c260a9cb03bc756ae9e6c1c1db6e43f2458e6a3651eee505
Size: 1.40 MB - httpd-debugsource-2.4.37-41.module+el8+1346+052ea7d1.ML.1.x86_64.rpm
MD5: a334d4bc5e1ff2802e963f0ab7832373
SHA-256: a916048cdc1e9211a278fd5e9ea4004537b1fafeb768bd0fe624c747caa5b642
Size: 1.44 MB - httpd-devel-2.4.37-41.module+el8+1346+052ea7d1.ML.1.x86_64.rpm
MD5: 613d17f1264e8507896ae4ccfead8a15
SHA-256: 1f0950955b22e652bf03cbc83978cf80c128cd3d0d2574cd0ce5bc52e46eae95
Size: 220.74 kB - httpd-filesystem-2.4.37-41.module+el8+1346+052ea7d1.ML.1.noarch.rpm
MD5: f9889154c86abee2c0d6d819245ae124
SHA-256: a3b9265de0b4a8130c7851e5f1ca477760fd63e192110a52df663a04ff588a4f
Size: 38.10 kB - httpd-manual-2.4.37-41.module+el8+1346+052ea7d1.ML.1.noarch.rpm
MD5: d73d93bb700ce8f6f07d9bd2f532fdf0
SHA-256: f6d622fdd772b9b392609b6d08f671a42186426e2990070b399194c4d44a9006
Size: 2.37 MB - httpd-tools-2.4.37-41.module+el8+1346+052ea7d1.ML.1.x86_64.rpm
MD5: ab10b3ad47a93e8c449c43e1a2fe8494
SHA-256: 56870f308f9181edb84cf33be73af7f5a765aea2401a4288991019f5df1cec7f
Size: 105.28 kB - mod_ldap-2.4.37-41.module+el8+1346+052ea7d1.ML.1.x86_64.rpm
MD5: 68d80a4a016385a97c6732628907c857
SHA-256: eaee1455e8a350fe787c73e85ab6418c99388c1e12b17d833178c757279e0ea1
Size: 83.39 kB - mod_proxy_html-2.4.37-41.module+el8+1346+052ea7d1.ML.1.x86_64.rpm
MD5: aecd2dd9cdadc43450654f9cb9b2311c
SHA-256: 11fb5ddccf7257d7757c6e605f1ff76e849bbcd381bc08fab8f10d09b8a1f270
Size: 60.50 kB - mod_session-2.4.37-41.module+el8+1346+052ea7d1.ML.1.x86_64.rpm
MD5: 55ceb72a059b2dad6263961edea93fb0
SHA-256: 1571b8cdb7e4543d2ee45915697631e8b13cc533279ae9c15f602942b71f2c27
Size: 72.13 kB - mod_ssl-2.4.37-41.module+el8+1346+052ea7d1.ML.1.x86_64.rpm
MD5: e2a3b0f4d29c90d1b3fa7a6361e6930a
SHA-256: ec30c2c12d90d9741076aa1511b923a7087140947542d1a02ad76549a4eb7586
Size: 134.71 kB - mod_http2-1.15.7-3.module+el8+1346+052ea7d1.x86_64.rpm
MD5: 4d90a4ff7097191cf2f8e66106ecf6d4
SHA-256: 1e8d97f263f3290410c575b3bf76077f5c2cbb8c19badb8c1422453e7f6006b8
Size: 153.12 kB - mod_http2-debugsource-1.15.7-3.module+el8+1346+052ea7d1.x86_64.rpm
MD5: 0d43a23070e129e1591044283cafa2e5
SHA-256: 6a72a9d759cfc46f25fe588a66362838fb74b49921fc3020ea273b9b3d208c06
Size: 146.92 kB - mod_md-2.0.8-8.module+el8+1346+052ea7d1.x86_64.rpm
MD5: b79af03bd0af523111c5a77fd9b16da5
SHA-256: c1c33626bf2bf7f3ca7cd341448703d56e8e429e45e729b1c85d757771a35342
Size: 183.57 kB - mod_md-debugsource-2.0.8-8.module+el8+1346+052ea7d1.x86_64.rpm
MD5: 66bdbcd6fd09a792d2307917ea0c2c74
SHA-256: 06d8bb2210eced5c2d800ce6fb80990ce7629078715ffca4cf3ed69b3eee425f
Size: 126.25 kB