Apache HTTP Server 2.4.54 released with vulnerabilities fixed

The Apache HTTP Server 2.4.53 release has been published; it introduces 19 changes and fixes 8 vulnerabilities:

  • CVE-2022-31813 is a vulnerability in mod_proxy that can suppress the sending of the X-Forwarded-* headers carrying the IP address from which the original request came. The issue can be used to bypass access restrictions based on IP addresses.
  • CVE-2022-30556 is a vulnerability in mod_lua that allows reading data outside the allocated buffer by manipulating the r:wsread() function in Lua scripts.
  • CVE-2022-30522 - Denial of service (through memory exhaustion) when mod_sed processes certain data.
  • CVE-2022-29404 - Denial of service in mod_lua, triggered by sending specially crafted requests to Lua handlers that use the r:parsebody(0) call.
  • CVE-2022-28615.
  • CVE-2022-28330 - Out-of-bounds data leak in mod_isapi (the issue appears only on the Windows platform).
  • CVE-2022-26377 - The mod_proxy_ajp module is vulnerable to "HTTP Request Smuggling" attacks against front-end/back-end setups, which allow an attacker to wedge into the content of other users' requests processed in the same thread between the front end and the back end.
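The access-bypass impact of CVE-2022-31813 above, seen from the backend's side, as an added example (not code from the Apache project or from this article): a backend that enforces an IP allowlist via X-Forwarded-For must fail closed when the header is missing, because falling back to the TCP peer yields the proxy's own address, which usually sits inside the trusted range. The trusted-proxy set, the internal network and all client addresses are constructed sample values.

```python
import ipaddress
from typing import Mapping, Optional, Union

IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Constructed sample topology: one trusted reverse proxy, and an internal-only
# area reserved for clients inside 10.0.0.0/8 (the proxy itself lives there too).
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.2")}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")


def vulnerable_is_internal(peer: str, headers: Mapping[str, str]) -> bool:
    """Fails open: with no X-Forwarded-For it treats the proxy's address as the client."""
    xff = headers.get("X-Forwarded-For")
    src = ipaddress.ip_address(xff.split(",")[0].strip()) if xff else ipaddress.ip_address(peer)
    return src in INTERNAL_NET


def client_ip_from_headers(peer: str, headers: Mapping[str, str]) -> Optional[IPAddr]:
    """Return the originating client address, or None if it cannot be established.

    X-Forwarded-For is consulted only when the TCP peer is a trusted proxy; the
    right-most hop that was not appended by a trusted proxy is taken as the client.
    """
    peer_ip = ipaddress.ip_address(peer)
    if peer_ip not in TRUSTED_PROXIES:
        return peer_ip                      # direct connection: nothing to unwind
    xff = headers.get("X-Forwarded-For")
    if not xff:
        return None                         # header absent (the CVE-2022-31813 case): refuse to guess
    try:
        hops = [ipaddress.ip_address(h.strip()) for h in xff.split(",") if h.strip()]
    except ValueError:
        return None                         # malformed hop: refuse to guess
    for addr in reversed(hops):             # walk from the proxy side towards the client
        if addr not in TRUSTED_PROXIES:
            return addr
    return None


def hardened_is_internal(peer: str, headers: Mapping[str, str]) -> bool:
    """Fails closed: an unknown client address never counts as internal."""
    src = client_ip_from_headers(peer, headers)
    return src is not None and src in INTERNAL_NET
```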

The most notable non-security changes are:

  • mod_ssl makes SSLFIPS mode compatible with OpenSSL 3.0.
  • The ab utility implements support for TLSv1.3 (requires linking against an SSL library that supports this protocol).
  • In mod_md, the MDCertificateAuthority directive now accepts more than one CA name and URL. New directives added: MDRetryDelay (defines the delay before a retry request is sent) and MDRetryFailover (defines the number of retries after a failure before an alternative CA is chosen). Added support for the "auto" state when displaying values in "key: value" format. Added the ability to manage certificates for users of the Tailscale secure VPN.
  • mod_http2 has been cleaned of unused and unsafe code.
  • mod_proxy now includes a description of the backend port in error messages written to the log.
  • In mod_heartmonitor, the default value of the HeartbeatMaxServers parameter has been changed from 0 to 10 (initializing 10 shared memory slots).

source: budenet.ru
