rpm/apache2
SHA256
1
0
Fork 0
forked from pool/apache2
Code Pull Requests Activity
apache2/httpd-2.4.61.tar.bz2.asc

17 lines
833 B
Plaintext
Raw Normal View History

- Update to 2.4.62 *) SECURITY: CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows (cve.mitre.org) [boo#1228098] SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue. Credits: Smi1e (DBAPPSecurity Ltd.) *) SECURITY: CVE-2024-40725: Apache HTTP Server: source code disclosure with handlers configured via AddType (cve.mitre.org) [boo#1228097] A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.62, which fixes this issue. *) mod_proxy: Fix canonicalisation and FCGI env (PATH_INFO, SCRIPT_NAME) for "balancer:" URLs set via SetHandler, also allowing for "unix:" sockets with BalancerMember(s). PR 69168. [Yann Ylavic] *) mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs. PR 69160 [Yann Ylavic] *) mod_ssl: Fix crashes in PKCS#11 ENGINE support with OpenSSL 3.2. [Joe Orton] *) mod_ssl: Add support for loading certs/keys from pkcs11: URIs via OpenSSL 3.x providers. [Ingo Franzki <ifranzki linux.ibm.com>] *) mod_ssl: Restore SSL dumping on trace7 loglevel with OpenSSL >= 3.0. [Ruediger Pluem, Yann Ylavic] *) mpm_worker: Fix possible warning (AH00045) about children processes not terminating timely. [Yann Ylavic] OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=706
2024-08-07 12:48:58 +00:00
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEZbLUT+dL1ePeOsPwgngd5G1ZVPoFAmaEBhQACgkQgngd5G1Z
VPpsJg//QI5CO5SIH+aEdgwwF4/d9ChDmcU1laAe/sLVXmIMcpHvE76rjjs2rlSI
kZPlHdYZLfj6nhbDFcvWAsdBikWP0sbxb4wTR+rEztmFVewrN7EwZee9Qfe4Gkh0
FwgHyHUexfOAP2znkqcgbADuhYCn00WumNM9Sh8+pBbtX10RhA95MxMR9Z2WXDpR
wxey/h2kxjlLA42MNraF+C89U+hoNq5+MPbfRp4O3S53ftP7cwfNaJT0p4pZvn8z
fvpjqwc1QVqzJoB+Z2Pw7krK74AcW4IBDLmDvJzhvXN9I9MwT58PFkb86y5yDi6Q
6w31G7vYvLDQ0o+Z4PsH9hOtaeo/NzuaVZcCQMfd4awJkQ7ADxKzckqyy0JbITob
VN7RFISHigIC7b5RR3VpQhLQEPJHSc24tMIjYSU/sd7SZEVAIo3Waq84zhKjQVZ5
gWou9gfVT9um8iTAWRWz0dcS+rV5tnvVv8rls57VWIrysjoUWWujBf/5i8QLnR1S
+y5AO4XigRERc4Z9oD7NUXVJglXCuDUBCesYXuIn52aROlcMPeMQ+E21l+3k449Y
HXHazw0KgBZoLu7UmcbULCgRsVkAADoUUuvMh+lLsA2XpOUqSyVEoz1xGqnCuKDF
RYkLrmBDEiYLf6vWzq5JZ2znHXn3n1e+08bWEeWqyFKYLHHZJaw=
=te+z
-----END PGP SIGNATURE-----
Copy Permalink