rpm/apache2
SHA256
1
0
Fork 0
forked from pool/apache2
Code Pull Requests Activity

Accepting request 961671 from home:pgajdos

Browse Source 
- version update to 2.4.53
  *) SECURITY: CVE-2022-23943: mod_sed: Read/write beyond bounds
     (cve.mitre.org)
     Out-of-bounds Write vulnerability in mod_sed of Apache HTTP
     Server allows an attacker to overwrite heap memory with possibly
     attacker provided data.
     This issue affects Apache HTTP Server 2.4 version 2.4.52 and
     prior versions.
     Credits: Ronald Crane (Zippenhop LLC)
  *) SECURITY: CVE-2022-22721: core: Possible buffer overflow with
     very large or unlimited LimitXMLRequestBody (cve.mitre.org)
     If LimitXMLRequestBody is set to allow request bodies larger
     than 350MB (defaults to 1M) on 32 bit systems an integer
     overflow happens which later causes out of bounds writes.
     This issue affects Apache HTTP Server 2.4.52 and earlier.
     Credits: Anonymous working with Trend Micro Zero Day Initiative
  *) SECURITY: CVE-2022-22720: HTTP request smuggling vulnerability
     in Apache HTTP Server 2.4.52 and earlier (cve.mitre.org)
     Apache HTTP Server 2.4.52 and earlier fails to close inbound
     connection when errors are encountered discarding the request
     body, exposing the server to HTTP Request Smuggling
     Credits: James Kettle <james.kettle portswigger.net>
  *) SECURITY: CVE-2022-22719: mod_lua Use of uninitialized value of
     in r:parsebody (cve.mitre.org)
     A carefully crafted request body can cause a read to a random
     memory area which could cause the process to crash.
     This issue affects Apache HTTP Server 2.4.52 and earlier.
     Credits: Chamal De Silva
  *) core: Make sure and check that LimitXMLRequestBody fits in system memory.
     [Ruediger Pluem, Yann Ylavic]

OBS-URL: https://build.opensuse.org/request/show/961671
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=667
This commit is contained in:
David Anes
2022-03-14 12:02:14 +00:00
committed by Git OBS Bridge
parent 26634a3d77
commit 1dab303134
6 changed files with 92 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apache2.spec
View File

@@ -115,7 +115,7 @@
%endif
Name: apache2%{psuffix}
Version: 2.4.52
Version: 2.4.53
Release: 0
Summary: The Apache HTTPD Server
License: Apache-2.0