httpd-2.4.6-67.2.0.1.el7.AXS7

エラータID: AXSA:2017-2042:02

リリース日: 
2017/09/05 Tuesday - 09:54
題名: 
httpd-2.4.6-67.2.0.1.el7.AXS7
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The Apache HTTP Server is a powerful, efficient, and extensible
web server.

CVE-2017-3167
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of
the ap_get_basic_auth_pw() by third-party modules outside of the
authentication phase may lead to authentication requirements being
bypassed.
CVE-2017-3169
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl
may dereference a NULL pointer when third-party modules call
ap_hook_process_connection() during an HTTP request to an HTTPS port.
CVE-2017-7668
The HTTP strict parsing changes added in Apache httpd 2.2.32 and
2.4.24 introduced a bug in token list parsing, which allows
ap_find_token() to search past the end of its input string. By
maliciously crafting a sequence of request headers, an attacker may be
able to cause a segmentation fault, or to force ap_find_token() to
return an incorrect value.
CVE-2017-7679
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime
can read one byte past the end of a buffer when sending a malicious
Content-Type response header.
CVE-2017-9788
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value
placeholder in [Proxy-]Authorization headers of type 'Digest' was not
initialized or reset before or between successive key=value
assignments by mod_auth_digest. Providing an initial key with no '='
assignment could reflect the stale value of uninitialized pool memory
used by the prior request, leading to leakage of potentially
confidential information, and a segfault in other cases resulting in
denial of service.

解決策: 

Update packages.

追加情報: 

N/A

ダウンロード: 

SRPMS
  1. httpd-2.4.6-67.2.0.1.el7.AXS7.src.rpm
    MD5: b565dedd28393d2ecd742c2385e3d8d9
    SHA-256: 9b63478be42510ec8f7d942a0f8e57247ec5be3354afa7648ce1a029b939669b
    Size: 4.92 MB

Asianux Server 7 for x86_64
  1. httpd-2.4.6-67.2.0.1.el7.AXS7.x86_64.rpm
    MD5: fc704b2b51d2d258ccd3bab7476cee81
    SHA-256: a45f10ef1f1cc492bdeffb58a39654d0ba55988fd812c870e7882ba638c72206
    Size: 1.18 MB
  2. httpd-devel-2.4.6-67.2.0.1.el7.AXS7.x86_64.rpm
    MD5: b710be7086899767b049958782773043
    SHA-256: ac5268858adb5a7088c97bf4c8e392bc52b9b2438eb4804eed49288eff7819d1
    Size: 192.75 kB
  3. httpd-manual-2.4.6-67.2.0.1.el7.AXS7.noarch.rpm
    MD5: 6b8c87615cef0bd9cd5884fbf8eed243
    SHA-256: f9eb9fff00d4f00a259bf6f88d3c2473a68dd32e755e0622b55d1f44a860483e
    Size: 1.34 MB
  4. httpd-tools-2.4.6-67.2.0.1.el7.AXS7.x86_64.rpm
    MD5: d25822546148983cd576775eed7ccd5f
    SHA-256: 29c11607417b08cdbc36ef6cafa9d78602af50f79afd080a73b4b41e659cea3e
    Size: 86.69 kB
  5. mod_session-2.4.6-67.2.0.1.el7.AXS7.x86_64.rpm
    MD5: 18744c8e66b75a61d7d41291b6c46c78
    SHA-256: 3257f3a2e170cf33b3b556bac4e27fe6deac6cdf95cf6bd966ded8ea5757651c
    Size: 56.96 kB
  6. mod_ssl-2.4.6-67.2.0.1.el7.AXS7.x86_64.rpm
    MD5: fc19cb90c0852cd4bdb858046ae01b6a
    SHA-256: 9f60a17ce2cb621440294e67763d9ecca1c852b020b98aeef0526abd55d2b943
    Size: 108.01 kB