httpd:2.4 security update
Errata ID: AXSA:2022-2988:01
Release date:
2022/01/20 Thursday - 02:02
Title:
httpd:2.4 security update
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
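The following issues have been addressed.
[Security Fix]
- Apache HTTP Server contains a heap buffer overflow vulnerability that occurs when
processing a specially crafted SessionHeader sent by an origin server.
(CVE-2021-26691)
- httpd contains a vulnerability in which a specially crafted URI can cause mod_proxy
to forward a request to an origin server chosen by a remote user.
(CVE-2021-40438)
Information on CVE-2021-20325 has not been published at this time.
This advisory will be updated as soon as the CVE information is published.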
Modularity name: httpd
Stream name: 2.4
Solution:
Update the packages.
CVE:
CVE-2021-20325
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-26691
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
CVE-2021-40438
A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Additional information:
N/A
Downloads:
SRPMS
- httpd-2.4.37-43.module+el8+1377+1c08e368.src.rpm
  Size: 6.90 MB
- mod_http2-1.15.7-3.module+el8+1377+1c08e368.src.rpm
  Size: 1.01 MB
- mod_md-2.0.8-8.module+el8+1377+1c08e368.src.rpm
  Size: 635.34 kB
Asianux Server 8 for x86_64
- httpd-filesystem-2.4.37-43.module+el8+1377+1c08e368.noarch.rpm
  Size: 38.31 kB
- mod_ssl-2.4.37-43.module+el8+1377+1c08e368.x86_64.rpm
  Size: 134.90 kB
- httpd-2.4.37-43.module+el8+1377+1c08e368.x86_64.rpm
  Size: 1.40 MB
- httpd-tools-2.4.37-43.module+el8+1377+1c08e368.x86_64.rpm
  Size: 105.31 kB
- mod_session-2.4.37-43.module+el8+1377+1c08e368.x86_64.rpm
  Size: 72.33 kB
- mod_ldap-2.4.37-43.module+el8+1377+1c08e368.x86_64.rpm
  Size: 83.58 kB
- httpd-manual-2.4.37-43.module+el8+1377+1c08e368.noarch.rpm
  Size: 2.37 MB
- httpd-devel-2.4.37-43.module+el8+1377+1c08e368.x86_64.rpm
  Size: 220.92 kB
- httpd-debugsource-2.4.37-43.module+el8+1377+1c08e368.x86_64.rpm
  Size: 1.44 MB
- mod_proxy_html-2.4.37-43.module+el8+1377+1c08e368.x86_64.rpm
  Size: 60.68 kB
- mod_http2-debugsource-1.15.7-3.module+el8+1377+1c08e368.x86_64.rpm
  Size: 146.92 kB
- mod_http2-1.15.7-3.module+el8+1377+1c08e368.x86_64.rpm
  Size: 153.12 kB
- mod_md-debugsource-2.0.8-8.module+el8+1377+1c08e368.x86_64.rpm
  Size: 126.25 kB
- mod_md-2.0.8-8.module+el8+1377+1c08e368.x86_64.rpm
  Size: 183.59 kB