apache: Multiple vulnerabilities

Description

The Apache httpd reports:

Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig enabled
(CVE-2017-15710)

mod_session: CGI-like applications that intend to read from mod_session’s
‘SessionEnv ON’ could be fooled into reading user-supplied data instead.
(CVE-2018-1283)

mod_cache_socache: Fix request headers parsing to avoid a possible crash with
specially crafted input data. (CVE-2018-1303)

core: Possible crash with excessively long HTTP request headers. Impractical
to exploit with a production build and production LogLevel. (CVE-2018-1301)

core: Configure the regular expression engine to match ‘$’ to the end of the
input string only, excluding matching the end of any embedded newline
characters. Behavior can be changed with new directive ‘RegexDefaultOptions’.
(CVE-2017-15715)

mod_auth_digest: Fix generation of nonce values to prevent replay attacks
across servers using a common Digest domain. This change may cause problems if
used with round robin load balancers. (CVE-2018-1312)

mod_http2: Potential crash w/ mod_http2. (CVE-2018-1302)
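
The `$` change in the CVE-2017-15715 item above, shown as an added example (not code from Apache or from this advisory): Python's `re` stands in for httpd's regex engine, and a small audit lists `$`-anchored regex sections together with the `RegexDefaultOptions` state that applies to each. The sample config is constructed; `FilesMatch`, `LocationMatch` and the `none` / `+`/`-DOLLAR_ENDONLY` option syntax come from the httpd documentation rather than this page, and the parsing is simplified.

```python
import re

# Constructed sample config. FilesMatch/LocationMatch and the option syntax
# are taken from the httpd documentation, not from this advisory.
SAMPLE_CONF = """\
RegexDefaultOptions -DOLLAR_ENDONLY
<FilesMatch "\\.txt$">
    Require all denied
</FilesMatch>
<LocationMatch "^/status">
    Require local
</LocationMatch>
"""

TRAILING_DOLLAR = re.compile(r"(?<!\\)\$$")  # unescaped '$' at pattern end

def dollar_matches(pattern, value, dollar_endonly):
    """Test value against pattern under either '$' behaviour (Python re stand-in)."""
    # Python's plain '$' also matches just before a final newline; \Z matches
    # only at the true end of input. Only a trailing '$' is rewritten here.
    if dollar_endonly and TRAILING_DOLLAR.search(pattern):
        pattern = pattern[:-1] + r"\Z"
    return re.search(pattern, value) is not None

def audit(conf_text):
    """List (line, directive, pattern, end_only) for each '$'-anchored regex section."""
    end_only = True  # default once the fix is installed, per the advisory
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        opts = re.match(r"RegexDefaultOptions\s+(.+)", line, re.I)
        if opts:  # applies to regexes that follow; other options are ignored
            for tok in opts.group(1).upper().split():
                if tok in ("NONE", "-DOLLAR_ENDONLY"):
                    end_only = False
                elif tok in ("+DOLLAR_ENDONLY", "DOLLAR_ENDONLY"):
                    end_only = True
            continue
        sec = re.match(r'<(\w+Match)\s+"?(.+?)"?\s*>$', line)
        if sec and TRAILING_DOLLAR.search(sec.group(2)):
            findings.append((lineno, sec.group(1), sec.group(2), end_only))
    return findings

if __name__ == "__main__":
    for lineno, directive, pattern, end_only in audit(SAMPLE_CONF):
        state = "end of input only" if end_only else "also before a final newline"
        print(f"line {lineno}: <{directive} {pattern}> '$' matches {state}")
```

Any section reported with `end_only` false keeps the older `$` behaviour and deserves a review of what its pattern is meant to restrict.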


Impact

Affected packages
apache24 < 2.4.30


Solution

Update to version 2.4.33


Related links

https://www.auscert.org.au/bulletins/60042
