Apache HTTP Server 2.4.43 released

The release of Apache HTTP Server 2.4.43 has been published (version 2.4.42 was skipped). It brings 34 changes and fixes 3 vulnerabilities:

  • CVE-2020-1927: a flaw in mod_rewrite that lets the server be used to forward requests to other locations (open redirect). Some mod_rewrite configurations allow a user to be redirected to an unexpected URL when an encoded newline is supplied in a value substituted into an existing redirect.
  • CVE-2020-1934: a vulnerability in mod_proxy_ftp. The module may use uninitialized memory (memory disclosure) when proxying requests to an attacker-controlled FTP server.
  • A memory leak in mod_ssl triggered by a chain of OCSP requests.

The most notable non-security changes are:

  • A new module, mod_systemd, provides integration with the systemd service manager. It allows httpd to run as a service of type "Type=notify".
  • Cross-compilation support has been added to apxs.
  • The mod_md module, developed together with the Let's Encrypt project to automate obtaining and maintaining certificates via the ACME (Automatic Certificate Management Environment) protocol, has been extended:
    • Added the MDContactEmail directive, which sets the contact e-mail address independently of the value given in the ServerAdmin directive.
    • Support for the "tls-alpn-01" challenge (validated during the TLS handshake via ALPN) is now checked for each virtual host.
    • mod_md directives may now be used inside additional configuration blocks.
    • Previous settings are now guaranteed to be overwritten when MDCAChallenges is specified again.
    • Added the ability to configure the URL of a CT log monitor.
    • Commands given in the MDMessageCmd directive are now called with the "installed" argument when a new certificate is activated after a server restart (for example, to copy or convert the new certificate for another application).
  • mod_proxy_hcheck now accepts the %{Content-Type} mask in its directives.
  • CookieSameSite, CookieHTTPOnly and CookieSecure directives have been added to mod_usertrack to set the attributes of the user-tracking cookie.
  • mod_proxy_ajp implements the "secret" option for proxy workers to support the AJP13 authentication protocol.
  • Added a configuration preset for OpenWRT.
  • mod_ssl can now use private keys and certificates from an OpenSSL ENGINE by specifying a PKCS#11 URI in SSLCertificateFile/SSLCertificateKeyFile.
  • Testing is now run through the Travis CI continuous-integration system.
  • Parsing of Transfer-Encoding headers has been made stricter.
  • mod_ssl negotiates the TLS protocol version per virtual host (supported when built with OpenSSL 1.1.1 or later).
  • By using hashing for the directive tables, restarts in "graceful" mode (without interrupting request processing) are faster.
  • Read-only tables r:headers_in_table, r:headers_out_table, r:err_headers_out_table, r:notes_table and r:subprocess_env_table have been added to mod_lua. The exposed tables now accept assignment of "nil".
  • In mod_authn_socache, the limit on the size of a cached entry has been raised from 100 to 256.
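The mod_usertrack cookie directives and the mod_proxy_ajp "secret" option listed above, shown as an added configuration example (this is not from the release notes or from the Apache project). The hostnames, cookie name, certificate paths, backend address and secret value are assumptions; the first virtual host shows the pre-2.4.43 situation, the second the hardened form.

```apache
# Added example, not from the release notes. Hostnames, cookie name, paths,
# backend address and the secret value are assumptions.
LoadModule usertrack_module  modules/mod_usertrack.so
LoadModule proxy_module      modules/mod_proxy.so
LoadModule proxy_ajp_module  modules/mod_proxy_ajp.so
LoadModule ssl_module        modules/mod_ssl.so

# Weak (what was possible before 2.4.43): the tracking cookie is issued with
# no attributes, so it travels over plain HTTP, is readable from script and is
# attached to cross-site requests.
<VirtualHost *:80>
    ServerName    legacy.example.test
    CookieTracking on
    CookieName     trackid
    CookieExpires  "30 days"
</VirtualHost>

# Corrected (2.4.43): the cookie carries SameSite, HttpOnly and Secure. Secure
# only makes sense on the TLS virtual host, so the cookie is issued there.
<VirtualHost *:443>
    ServerName            www.example.test
    SSLEngine             on
    SSLCertificateFile    /etc/ssl/certs/www.example.test.pem
    SSLCertificateKeyFile /etc/ssl/private/www.example.test.key

    CookieTracking on
    CookieName     trackid
    CookieExpires  "30 days"
    CookieSameSite Lax
    CookieHTTPOnly on
    CookieSecure   on

    # mod_proxy_ajp: the AJP13 "secret" worker parameter (2.4.43) is sent to the
    # backend on every connection and must match the secret configured on the
    # backend's AJP connector. Without it, anyone who can reach the AJP port can
    # send requests to the application server directly.
    ProxyPass        "/app/" "ajp://tomcat.internal:8009/app/" secret=REPLACE-WITH-LONG-RANDOM-VALUE
    ProxyPassReverse "/app/" "ajp://tomcat.internal:8009/app/"
</VirtualHost>
```

After a reload, the Set-Cookie header returned for the TLS host should carry the three attributes (Secure, HttpOnly and SameSite=Lax); if the backend rejects the AJP connection, the secret on the two sides does not match.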
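The mod_md changes listed above (MDContactEmail, per-host "tls-alpn-01", MDCAChallenges, MDMessageCmd with the "installed" reason) combined into one virtual host, as an added example that is not from the release notes or from the Apache project. The domain, contact address, document root and notification script path are assumptions.

```apache
# Added example, not from the release notes. Domain, address, document root and
# script path are assumptions.
LoadModule md_module        modules/mod_md.so
LoadModule ssl_module       modules/mod_ssl.so
LoadModule watchdog_module  modules/mod_watchdog.so

# Accept the CA's terms of service (Let's Encrypt by default).
MDCertificateAgreement accepted

# Contact address for the ACME account, set independently of ServerAdmin
# (new in 2.4.43).
MDContactEmail certs@example.test

# tls-alpn-01 is validated on port 443 itself, so no port-80 virtual host is
# needed for the challenge. 2.4.43 checks per virtual host that the host can
# answer it; for that the host must advertise the acme-tls/1 ALPN protocol
# (see the Protocols line below). Repeating MDCAChallenges later replaces this
# setting rather than appending to it.
MDCAChallenges tls-alpn-01

# Invoked as: <script> <reason> <domain>. Reason "installed" (new in 2.4.43) is
# passed after the reload that activates a renewed certificate, i.e. the point at
# which it is safe to copy or convert the new certificate for another service.
MDMessageCmd /usr/local/sbin/md-notify.sh

MDomain www.example.test

<VirtualHost *:443>
    ServerName   www.example.test
    # acme-tls/1 is what the tls-alpn-01 challenge negotiates.
    Protocols    h2 http/1.1 acme-tls/1
    SSLEngine    on
    # No SSLCertificateFile/SSLCertificateKeyFile: mod_md supplies them.
    DocumentRoot /var/www/www.example.test
</VirtualHost>
```

The notification script receives the reason as its first argument and the domain as its second; a script that only handles "renewed" will miss the new "installed" call, so match on the reason explicitly.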

Source: opennet.ru
