diff --git a/apache2-CVE-2024-36387.patch b/apache2-CVE-2024-36387.patch new file mode 100644 index 0000000..3f5b019 --- /dev/null +++ b/apache2-CVE-2024-36387.patch @@ -0,0 +1,30 @@ +commit 62aa64e5aea21dd969db97aded4443c98c0735ac +Author: Eric Covener +Date: Mon Jun 24 17:51:42 2024 +0000 + + Merge r1918548 from trunk: + + mod_http2: early exit if bb is null + + + + git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1918557 13f79535-47bb-0310-9956-ffa450edef68 + +diff --git a/modules/http2/h2_c2.c b/modules/http2/h2_c2.c +index a955200944..c65a521ab8 100644 +--- a/modules/http2/h2_c2.c ++++ b/modules/http2/h2_c2.c +@@ -370,6 +370,13 @@ static apr_status_t h2_c2_filter_out(ap_filter_t* f, apr_bucket_brigade* bb) + h2_conn_ctx_t *conn_ctx = h2_conn_ctx_get(f->c); + apr_status_t rv; + ++ if (bb == NULL) { ++#if !AP_MODULE_MAGIC_AT_LEAST(20180720, 1) ++ f->c->data_in_output_filters = 0; ++#endif ++ return APR_SUCCESS; ++ } ++ + ap_assert(conn_ctx); + #if AP_HAS_RESPONSE_BUCKETS + if (!conn_ctx->has_final_response) { diff --git a/apache2.changes b/apache2.changes index b3609bc..d9527f8 100644 --- a/apache2.changes +++ b/apache2.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Jul 17 04:59:12 UTC 2024 - Martin Schreiner + +- Security fix: + - CVE-2024-36387, bsc#1227272: DoS by null pointer in websocket over HTTP/2 + * Added apache2-CVE-2024-36387.patch + ------------------------------------------------------------------- Mon Jul 8 10:53:20 UTC 2024 - David Anes diff --git a/apache2.spec b/apache2.spec index 205ed78..4bb18c2 100644 --- a/apache2.spec +++ b/apache2.spec @@ -209,6 +209,8 @@ Patch106: apache2-CVE-2024-38477.patch Patch107: apache2-CVE-2024-38475-1.patch Patch108: apache2-CVE-2024-38475-2.patch Patch109: apache2-CVE-2024-38475-3.patch +# FIX-UPSTREAM: CVE-2024-36387, bsc#1227272: DoS by null pointer in websocket over HTTP/2 +Patch110: apache2-CVE-2024-36387.patch BuildRequires: apache-rpm-macros-control #Since 2.4.7 the event MPM requires apr 1.5.0 or later.