httpd 보안 업데이트
업데이트 : 2017.07.17
이름 : httpd-1:2.2.34-1.an2
벤더 : AnNyung Packaging Team
설명 :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.
Building option:
--with cent4 : if build on cent4
변경사항
- update 2.2.34
http://www.apache.org/dist/httpd/CHANGES_2.2.34
- security issues:
. CVE-2017-7668
The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a
bug in token list parsing, which allows ap_find_token() to search past
the end of its input string. By maliciously crafting a sequence of
request headers, an attacker may be able to cause a segmentation fault,
or to force ap_find_token() to return an incorrect value.
. CVE-2017-3169
mod_ssl may dereference a NULL pointer when third-party modules call
ap_hook_process_connection() during an HTTP request to an HTTPS port.
. CVE-2017-3167
Use of the ap_get_basic_auth_pw() by third-party modules outside of the
authentication phase may lead to authentication requirements being
bypassed.
. CVE-2017-7679
mod_mime can read one byte past the end of a buffer when sending a
malicious Content-Type response header.
업데이트 패키지
SRPMS:
. httpd-2.2.34-1.an2.src.rpm
x86_64:
. httpd-2.2.34-1.an2.x86_64.rpm
. httpd-ssl-2.2.34-1.an2.x86_64.rpm
. httpd-tools-2.2.34-1.an2.x86_64.rpm
. httpd-manual-2.2.34-1.an2.x86_64.rpm
. httpd-devel-2.2.34-1.an2.x86_64.rpm
i686:
. httpd-tools-2.2.34-1.an2.i686.rpm
. httpd-ssl-2.2.34-1.an2.i686.rpm
. httpd-2.2.34-1.an2.i686.rpm
. httpd-manual-2.2.34-1.an2.i686.rpm
. httpd-devel-2.2.34-1.an2.i686.rpm
|