Release of Apache HTTP Server 2.4.43

The release of Apache HTTP Server 2.4.43 has been published (release 2.4.42 was skipped). It introduces 34 changes and fixes 3 vulnerabilities:

  • CVE-2020-1927: a vulnerability in mod_rewrite that allows the server to be used to forward requests to other resources (open redirect). Some mod_rewrite configurations can cause the user to be sent to a different link, encoded using a newline character inside a parameter used in an existing redirect.
  • CVE-2020-1934: a vulnerability in mod_proxy_ftp. The use of uninitialized values can lead to a leak of memory contents when proxying requests to an FTP server controlled by an attacker.
  • A memory leak in mod_ssl that occurs when chaining OCSP requests.

The most notable non-security changes are:

  • A new module, mod_systemd, has been added, which provides integration with the systemd system manager. The module allows httpd to be used in services of type "Type=notify".
  • Cross-compilation support has been added to apxs.
  • The capabilities of the mod_md module, developed by the Let's Encrypt project to automate obtaining and maintaining certificates using the ACME (Automatic Certificate Management Environment) protocol, have been expanded:
    • Added the MDContactEmail directive, through which you can specify a contact e-mail address that does not overlap with the data from the ServerAdmin directive.
    • For all virtual hosts, support for the protocol used when negotiating a secure communication channel ("tls-alpn-01") is verified.
    • Allowed the use of mod_md directives in blocks and .
    • Ensured that previous settings are overwritten when using MDCAChallenges.
    • Added the ability to configure the URL for CTLog Monitor.
    • For commands defined in the MDMessageCmd directive, a call with the "installed" argument is provided when a new certificate is activated after a server restart (for example, it can be used to copy or convert the new certificate for other applications).
  • mod_proxy_hcheck added support for the %{Content-Type} mask in check expressions.
  • Added the CookieSameSite, CookieHTTPOnly and CookieSecure modes to mod_usertrack to configure the handling of the user-tracking cookie.
  • mod_proxy_ajp implements the "secret" option for proxy handlers to support the AJP13 authentication protocol.
  • Added a configuration set for OpenWRT.
  • Added support to mod_ssl for using private keys and certificates from an OpenSSL ENGINE by specifying a PKCS#11 URI in SSLCertificateFile/KeyFile.
  • Testing has been implemented using the Travis CI continuous integration system.
  • Parsing of Transfer-Encoding headers has been tightened.
  • mod_ssl provides TLS protocol negotiation on a per-virtual-host basis (supported when built with OpenSSL-1.1.1+).
  • By using hashing for the command tables, restarts in "graceful" mode have been sped up (without interrupting running request handlers).
  • The read-only tables r:headers_in_table, r:headers_out_table, r:err_headers_out_table, r:notes_table and r:subprocess_env_table have been added to mod_lua. Tables can now be assigned the value "nil".
  • In mod_authn_socache, the limit on the size of a cached line has been raised from 100 to 256.

Source: opennet.ru
