apache: Multiple vulnerabilities

說明

The Apache httpd reports:

Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig enabled
(CVE-2017-15710)

mod_session: CGI-like applications that intend to read from mod_session's
'SessionEnv ON' could be fooled into reading user-supplied data instead.
(CVE-2018-1283)

mod_cache_socache: Fix request headers parsing to avoid a possible crash with
specially crafted input data. (CVE-2018-1303)

core: Possible crash with excessively long HTTP request headers. Impractical
to exploit with a production build and production LogLevel. (CVE-2018-1301)

core: Configure the regular expression engine to match '$' to the end of the
input string only, excluding matching the end of any embedded newline
characters. Behavior can be changed with new directive 'RegexDefaultOptions'.
(CVE-2017-15715)

mod_auth_digest: Fix generation of nonce values to prevent replay attacks
across servers using a common Digest domain. This change may cause problems if
used with round robin load balancers. (CVE-2018-1312)

mod_http2: Potential crash w/ mod_http2. (CVE-2018-1302)


影響內容

Affected packages
apache24 < 2.4.30


處理方式

更新至版本 2.4.33


相關連結

https://www.auscert.org.au/bulletins/60042

發表迴響

你的電子郵件位址並不會被公開。 必要欄位標記為 *

釘選至 Pinterest