diff --git a/apache2-CVE-2024-36387.patch b/apache2-CVE-2024-36387.patch new file mode 100644 index 0000000..3f5b019 --- /dev/null +++ b/apache2-CVE-2024-36387.patch @@ -0,0 +1,30 @@ +commit 62aa64e5aea21dd969db97aded4443c98c0735ac +Author: Eric Covener +Date: Mon Jun 24 17:51:42 2024 +0000 + + Merge r1918548 from trunk: + + mod_http2: early exit if bb is null + + + + git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1918557 13f79535-47bb-0310-9956-ffa450edef68 + +diff --git a/modules/http2/h2_c2.c b/modules/http2/h2_c2.c +index a955200944..c65a521ab8 100644 +--- a/modules/http2/h2_c2.c ++++ b/modules/http2/h2_c2.c +@@ -370,6 +370,13 @@ static apr_status_t h2_c2_filter_out(ap_filter_t* f, apr_bucket_brigade* bb) + h2_conn_ctx_t *conn_ctx = h2_conn_ctx_get(f->c); + apr_status_t rv; + ++ if (bb == NULL) { ++#if !AP_MODULE_MAGIC_AT_LEAST(20180720, 1) ++ f->c->data_in_output_filters = 0; ++#endif ++ return APR_SUCCESS; ++ } ++ + ap_assert(conn_ctx); + #if AP_HAS_RESPONSE_BUCKETS + if (!conn_ctx->has_final_response) { diff --git a/apache2.changes b/apache2.changes index bd7bbc6..ebc16c3 100644 --- a/apache2.changes +++ b/apache2.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Oct 2 18:22:25 UTC 2024 - Martin Schreiner + +- Security fix: + - CVE-2024-36387, bsc#1227272: DoS by null pointer in websocket over HTTP/2 + * Added apache2-CVE-2024-36387.patch + ------------------------------------------------------------------- Thu Aug 22 18:37:23 UTC 2024 - Martin Schreiner diff --git a/apache2.spec b/apache2.spec index ea8f77d..096f5bb 100644 --- a/apache2.spec +++ b/apache2.spec @@ -235,6 +235,8 @@ Patch100: apache-test-application-xml-type.patch # even if in live system I do not experience this inconsistency, let's turn off # these variables from the test Patch101: apache-test-turn-off-variables-in-ssl-var-lookup.patch +# FIX-UPSTREAM: CVE-2024-36387, bsc#1227272: DoS by null pointer in websocket over HTTP/2 +Patch102: apache2-CVE-2024-36387.patch BuildRequires: apache-rpm-macros-control #Since 2.4.7 the event MPM requires apr 1.5.0 or later.