httpd-2.4.6-99.1.0.8.el7.AXS7

エラータID: AXSA:2025-10561:05

リリース日: 
2025/07/23 Wednesday - 17:04
題名: 
httpd-2.4.6-99.1.0.8.el7.AXS7
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The Apache HTTP Server is a powerful, efficient, and extensible
web server.

Security Fix(es):

* CVE-2020-35452: mod_auth_digest: Fix single zero byte stack overflow
* CVE-2006-20001: mod_dav: out-of-bounds read/write

CVE(s):
CVE-2020-35452
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow
CVE-2006-20001
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.

解決策: 

Update packages.

CVE: 
CVE-2006-20001
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.
CVE-2020-35452
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow
追加情報: 

N/A

ダウンロード: 

Asianux Server 7 for x86_64
  1. httpd-2.4.6-99.1.0.8.el7.AXS7.x86_64.rpm
    MD5: d58788222b26d36db2ff7da217cb0e71
    SHA-256: 9bb10b696f8b9829dae10223f4c36bcc2a0816be07444b50c02c2334700fe313
    Size: 1.20 MB
  2. httpd-devel-2.4.6-99.1.0.8.el7.AXS7.x86_64.rpm
    MD5: 640e8e0d96f33d53144a83bb619024cc
    SHA-256: 47b27f164e76bcb96c846cf39537788e8b95443caf2f9d58f076141ac35600b0
    Size: 202.43 kB
  3. httpd-manual-2.4.6-99.1.0.8.el7.AXS7.noarch.rpm
    MD5: 874733e62d85d03b6187fbb6aaed4980
    SHA-256: 553864c43f365394d7c6415724d3c5e283f220288f4d3a57505f0db3cf65fccb
    Size: 1.35 MB
  4. httpd-tools-2.4.6-99.1.0.8.el7.AXS7.x86_64.rpm
    MD5: f75a8aef5962f65f5e2097f0712496a8
    SHA-256: 8266fbed643ecccc96d3fd29c76112d2fc0d8d07ad443b9bac537009592fec9c
    Size: 95.38 kB
  5. mod_session-2.4.6-99.1.0.8.el7.AXS7.x86_64.rpm
    MD5: 737caf1f40ad255b452dd91ea847c33e
    SHA-256: 9b1e66735b7e1a894635718c70de52b174e9d05f05189b8ea3ec12918566b384
    Size: 65.45 kB
  6. mod_ssl-2.4.6-99.1.0.8.el7.AXS7.x86_64.rpm
    MD5: 3ed2fa1ff261c0aca6c827f57d0540fb
    SHA-256: bfd6e4ab330503cf5bb8a12d74ecaf189a680197902e8f003a1ac4f22bee570c
    Size: 116.55 kB