httpd 보안 업데이트
업데이트 : 2018.04.11
이름 : httpd-100:2.4.33-1.an3
벤더 : AnNyung Packaging Team
설명 :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.
변경사항
- update 2.4.33
see also http://www.apache.org/dist/httpd/CHANGES_2.4.33
see also http://www.apache.org/dist/httpd/CHANGES_2.4.32
see also http://www.apache.org/dist/httpd/CHANGES_2.4.29
- add mod_md module
- security issues
. CVE-2017-15710 mod_authnz_ldap:
Out of bound write with AuthLDAPCharsetConfig enabled
. CVE-2017-15715 core:
Configure the regular expression engine to match '$' to the end of
the input string only, excluding matching the end of any embedded
newline characters. Behavior can be changed with new directive
'RegexDefaultOptions'.
. CVE-2018-1283 mod_session:
CGI-like applications that intend to read from mod_session's
'SessionEnv ON' could be fooled into reading user-supplied data instead.
. CVE-2018-1301 core:
Possible crash with excessively long HTTP request headers.
Impractical to exploit with a production build and production LogLevel.
. CVE-2018-1302 mod_http2: Potential crash w/ mod_http2
. CVE-2018-1303 mod_cache_socache:
Fix request headers parsing to avoid a possible crash
with specially crafted input data.
. CVE-2018-1312 mod_auth_digest:
Fix generation of nonce values to prevent replay
attacks across servers using a common Digest domain. This change
may cause problems if used with round robin load balancers.
업데이트 패키지
SRPMS:
. httpd-2.4.33-1.an3.src.rpm
x86_64:
. httpd-2.4.33-1.an3.x86_64.rpm
. httpd-devel-2.4.33-1.an3.x86_64.rpm
. httpd-tools-2.4.33-1.an3.x86_64.rpm
. mod_brotli-2.4.33-1.an3.x86_64.rpm
. mod_ldap-2.4.33-1.an3.x86_64.rpm
. mod_md-2.4.33-1.an3.x86_64.rpm
. mod_proxy_html-2.4.33-1.an3.x86_64.rpm
. mod_session-2.4.33-1.an3.x86_64.rpm
. mod_ssl-2.4.33-1.an3.x86_64.rpm
noarch:
. httpd-manual-2.4.33-1.an3.noarch.rpm
|