httpd-2.4.6-99.1.0.10.el7.AXS7
Errata ID: AXSA:2025-10901:08
Release date:
2025/09/29 Monday - 10:56
Title:
httpd-2.4.6-99.1.0.10.el7.AXS7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- mod_ssl in Apache HTTP Server contains a vulnerability that allows
a remote attacker to corrupt data. (CVE-2024-47252)
- mod_ssl in Apache HTTP Server contains a vulnerability that allows
a remote attacker to authenticate improperly. (CVE-2025-49812)
Solution:
Update the packages.
CVE:
CVE-2024-47252
Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files.
CVE-2025-49812
In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade.
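To decide how urgently a given host needs this update, the following added example (not part of the advisory or of Apache's own tooling) scans httpd configuration text for the two conditions the CVE descriptions name: log directives that use "%{varname}x" or "%{varname}c", and "SSLEngine optional". The function names and the sample configuration are hypothetical; every match is flagged for review.

```python
import re

# Format items such as %{SSL_TLS_SNI}x or %{SSL_TLS_SNI}c, optionally with
# status-code or redirect modifiers between '%' and '{'.
SSL_VAR_ITEM = re.compile(r"%[!<>\d,]*\{([^}]+)\}[xc]")
LOG_DIRECTIVE = re.compile(r"^\s*(CustomLog|LogFormat)\b", re.IGNORECASE)
TLS_UPGRADE = re.compile(r"^\s*SSLEngine\s+optional\b", re.IGNORECASE)

def logical_lines(text):
    """Yield (first_line_number, text), joining backslash continuations and skipping comments."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = num
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        line, buf = buf + raw, ""
        if line.strip() and not line.lstrip().startswith("#"):
            yield start, line
        start = None

def audit(text):
    """Return findings as (line_number, cve, detail) tuples (hypothetical helper)."""
    findings = []
    for num, line in logical_lines(text):
        if LOG_DIRECTIVE.match(line):
            for var in SSL_VAR_ITEM.findall(line):
                findings.append((num, "CVE-2024-47252", var))
        if TLS_UPGRADE.match(line):
            findings.append((num, "CVE-2025-49812", "SSLEngine optional"))
    return findings

# Constructed sample configuration, not taken from any real server.
SAMPLE = r'''
LogFormat "%h %l %u %t \"%r\" %>s %b" common
# CustomLog logs/old_log "%{SSL_TLS_SNI}x"
CustomLog logs/ssl_request_log \
    "%t %h %{SSL_PROTOCOL}x %{SSL_TLS_SNI}x \"%r\" %b"
<VirtualHost *:80>
    SSLEngine optional
</VirtualHost>
SSLEngine on
'''

if __name__ == "__main__":
    for num, cve, detail in audit(SAMPLE):
        print(f"line {num}: {cve}: {detail}")
```

The scan does not follow Include directives, so run it over each configuration file that httpd loads.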
Additional information:
N/A
Download:
Asianux Server 7 for x86_64
- httpd-2.4.6-99.1.0.10.el7.AXS7.x86_64.rpm
MD5: 636e3728d9f9f3987706a93c4cdf55c5
SHA-256: b553d31c00cc80f48b6b8f3767d3647e58d6bc22a08bc559d067fed6df5053d2
Size: 1.20 MB
- httpd-devel-2.4.6-99.1.0.10.el7.AXS7.x86_64.rpm
MD5: 394f23b884254c89b38bbe899c8565b7
SHA-256: 8554c3294e41c725fd231b7413e79f9fd4d0b40e9041bd2ab60a7298857cfb0d
Size: 202.79 kB
- httpd-manual-2.4.6-99.1.0.10.el7.AXS7.noarch.rpm
MD5: 7f0e76a55cb51ec84af05bb6a8723606
SHA-256: 74ad8c68587e4e276d0c06b3f9ef98d47aa055706babafa25c7b1054bd680944
Size: 1.35 MB
- httpd-tools-2.4.6-99.1.0.10.el7.AXS7.x86_64.rpm
MD5: 316386c99224101524cf6c5005f16b03
SHA-256: cf5eca2a0859903e38420c597bddb9fdf578515781e72a0d033c47c29ed20ec3
Size: 95.76 kB
- mod_session-2.4.6-99.1.0.10.el7.AXS7.x86_64.rpm
MD5: 5133e30170de418a0bad134970f6292f
SHA-256: 60d0d03e3f7e02901d85d65f27f69f652914cb392b76ce6670711877fee9b8c8
Size: 65.82 kB
- mod_ssl-2.4.6-99.1.0.10.el7.AXS7.x86_64.rpm
MD5: 1f40a864932721f9fe6abe41858904f6
SHA-256: 814ac5c01804fe6b06bb7d7102ba509d65502649c3c9e36ecdbc9f8118655fcb
Size: 116.50 kB