httpd-2.4.6-99.1.0.3.el7.AXS7

エラータID: AXSA:2024-8720:05

リリース日: 
2024/08/27 Tuesday - 11:07
題名: 
httpd-2.4.6-99.1.0.3.el7.AXS7
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The Apache HTTP Server is a powerful, efficient, and extensible web server.

Security Fix(es):

* CVE-2024-39884: modules: source code disclosure with handlers configured via
AddType. Resolving regression introduced by CVE-2024-38476 fix.
* CVE-2024-40725: modules: source code disclosure with handlers configured via
AddType. Resolving regression introduced by CVE-2024-39884 fix.

CVE(s):
CVE-2024-39884
A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.61, which fixes this issue.
CVE-2024-40725
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.62, which fixes this issue.

解決策: 

Update packages.

CVE: 
CVE-2024-39884
A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.61, which fixes this issue.
CVE-2024-40725
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.62, which fixes this issue.
追加情報: 

N/A

ダウンロード: 

Asianux Server 7 for x86_64
  1. httpd-2.4.6-99.1.0.3.el7.AXS7.x86_64.rpm
    MD5: 6aaddeee06e2f4f986d57cb454f09928
    SHA-256: 94b80977a0484768382550f6df4995165ddb626859588811eb9fac441641a207
    Size: 1.20 MB
  2. httpd-devel-2.4.6-99.1.0.3.el7.AXS7.x86_64.rpm
    MD5: 2fafcd3d69e4334368ea7ac637f953d8
    SHA-256: 1dc8f21620d2b15431f378027f739f2ca1967f8bc60db049c85ca131c5e6318e
    Size: 201.46 kB
  3. httpd-manual-2.4.6-99.1.0.3.el7.AXS7.noarch.rpm
    MD5: dfe14d0c79a93ccd6ec6840d53a4da3e
    SHA-256: 73eda8fe575288f689f6fe3ee0c698a4c7c1598a36dbd5b8eb0e071cf994c6e3
    Size: 1.35 MB
  4. httpd-tools-2.4.6-99.1.0.3.el7.AXS7.x86_64.rpm
    MD5: 2a81efe40d87f3519badbbaf8174f1dc
    SHA-256: dc6512b4efcf1812914a0d979f074942e7abfd973b3b03bcd29312d833184be0
    Size: 94.53 kB
  5. mod_session-2.4.6-99.1.0.3.el7.AXS7.x86_64.rpm
    MD5: 18209cdd46902fa24712aea39d528027
    SHA-256: 3ba1d49cce30c7e85bc6c282d5eb72154cd033f6e7e82e92671ab473c4dddd37
    Size: 64.60 kB
  6. mod_ssl-2.4.6-99.1.0.3.el7.AXS7.x86_64.rpm
    MD5: d479b72fd6ac7779a05eccb54e7cf92c
    SHA-256: 2af8b5ea92c3dd4598202f076f421bf143f6c91ff8ae02533a1e31a69926e573
    Size: 115.69 kB