Apache HTTP Server 2.4.46 released with fixes for vulnerabilities

ื™ืฆื ืœืื•ืจ ืžื”ื“ื•ืจื” ืฉืœ ืฉืจืช ื”-HTTP ืฉืœ Apache 2.4.46 (ื“ื™ืœื’ื• ืขืœ ืžื”ื“ื•ืจื•ืช 2.4.44 ื•-2.4.45), ืฉื”ืฆื™ื’ื” 17 ืฉื™ื ื•ื™ื™ื ื•ื—ื•ืกืœื• 3 ืคื’ื™ืขื•ื™ื•ืช:

  • CVE-2020-11984: buffer overflow in mod_proxy_uwsgi that can lead to information disclosure or code execution on the server when a specially crafted request is sent. The vulnerability is triggered by sending a very long HTTP header. As protection, headers larger than 16K (the hard limit defined by the uwsgi protocol) are now rejected.
  • CVE-2020-11993: vulnerability in mod_http2 that lets a process be crashed by sending a request with a specially crafted HTTP/2 header. The problem manifests only when debug or trace logging is enabled for mod_http2 and consists of memory corruption caused by a race condition while writing log entries. The problem does not occur when the LogLevel for mod_http2 is "info" or less verbose.
  • CVE-2020-9490: vulnerability in mod_http2 that lets a process be crashed by sending a request over HTTP/2 with a specially crafted 'Cache-Digest' header value (the crash occurs when the server attempts an HTTP/2 PUSH of a resource). To block the vulnerability, the setting "H2Push off" can be used.
  • CVE-2020-11985: vulnerability in mod_remoteip that allows client IP addresses to be spoofed when proxying with mod_remoteip and mod_rewrite. The problem affects only versions 2.4.1 through 2.4.23.
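As an added example (not part of the original news item and not the Apache project's own documentation), the following httpd configuration fragment applies the two mod_http2 mitigations mentioned above on a server that has not yet been upgraded, with the exposed setting shown commented out beside the hardened one. The host name, certificate paths and the pushed resource are assumptions.

```apache
# Added example: mitigations for CVE-2020-9490 and CVE-2020-11993 on an
# httpd older than 2.4.46 that serves HTTP/2. Host name and paths are placeholders.
Listen 443
LoadModule ssl_module   modules/mod_ssl.so
LoadModule http2_module modules/mod_http2.so

<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/www.example.com.crt
    SSLCertificateKeyFile /etc/httpd/tls/www.example.com.key
    Protocols h2 http/1.1

    # Exposed: with server push enabled, a crafted Cache-Digest header reaches
    # the code path that crashes the worker (CVE-2020-9490).
    #H2Push on
    #H2PushResource /css/site.css
    # Hardened: disable push until the server runs 2.4.46 or later.
    H2Push off

    # Exposed: debug/trace logging for mod_http2 enables the racy logging
    # path that corrupts memory (CVE-2020-11993).
    #LogLevel warn http2:trace2
    # Hardened: keep mod_http2 at "info" or less verbose.
    LogLevel warn http2:info
</VirtualHost>
```

Validate the file with `apachectl configtest` and confirm the running build with `httpd -v`. These directives only reduce exposure; they do nothing for CVE-2020-11984 in mod_proxy_uwsgi, for which the upgrade to 2.4.46 is the fix.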

The most notable non-security changes are:

  • Support for the kazuho-h2-cache-digest draft specification, whose development has been abandoned, was removed from mod_http2.
  • The behaviour of the "LimitRequestFields" directive in mod_http2 was changed: a value of 0 now disables the limit.
  • mod_http2 now handles master and secondary connections and marks its methods according to their use.
  • If a malformed Last-Modified header is received from an FCGI/CGI script, that header is now dropped instead of being replaced with the Unix epoch.
  • The function ap_parse_strict_length() was added to the code for strict parsing of the content length.
  • ProxyFCGISetEnvIf in mod_proxy_fcgi now ensures that environment variables are removed when the given expression evaluates to false.
  • Fixed a race condition and possible crash in mod_ssl when using a proxy client certificate specified via SSLProxyMachineCertificateFile.
  • Fixed a memory leak in mod_ssl.
  • mod_proxy_http2 now uses the "ping" proxy parameter when checking the liveness of a new or reused backend connection.
  • httpd is no longer linked with the "-lsystemd" option when mod_systemd is enabled.
  • mod_proxy_http2 now honours the ProxyTimeout setting when waiting for incoming data on backend connections.
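The changed proxy-side directives from the list above (LimitRequestFields, the "ping" parameter, ProxyTimeout and ProxyFCGISetEnvIf), in an added example reverse-proxy configuration that is not from the original item or from the project's documentation. The host name, backend addresses, certificate paths and the PATH_INFO expression are assumptions.

```apache
# Added example: a reverse proxy on httpd 2.4.46 using the directives changed
# in this release. Host name, backend addresses and paths are placeholders.
Listen 443
LoadModule ssl_module         modules/mod_ssl.so
LoadModule http2_module       modules/mod_http2.so
LoadModule proxy_module       modules/mod_proxy.so
LoadModule proxy_http2_module modules/mod_proxy_http2.so
LoadModule proxy_fcgi_module  modules/mod_proxy_fcgi.so

<VirtualHost *:443>
    ServerName app.example.com
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/app.example.com.crt
    SSLCertificateKeyFile /etc/httpd/tls/app.example.com.key
    Protocols h2 http/1.1

    # Since 2.4.46 a value of 0 also removes the per-request header-count
    # limit for HTTP/2. Keep the default (100) unless a backend really needs
    # more; an unbounded header count is extra attack surface.
    #LimitRequestFields 0

    # mod_proxy_http2 now honours ProxyTimeout while waiting for backend data
    # and uses ping= to probe a new or reused h2 backend connection (here with
    # a 1 second timeout) before forwarding the request over it.
    SSLProxyEngine on
    ProxyTimeout 30
    ProxyPass        "/api/" "h2://api-backend.internal:8443/" ping=1
    ProxyPassReverse "/api/" "https://api-backend.internal:8443/"

    # ProxyFCGISetEnvIf: PATH_INFO is rewritten when the expression matches;
    # as of 2.4.46 the variable is removed when the expression is false rather
    # than reaching the FastCGI backend with a stale value.
    ProxyFCGISetEnvIf "reqenv('PATH_INFO') =~ m#^/php/(.*)$#" PATH_INFO "$1"
    ProxyPass "/php/" "fcgi://127.0.0.1:9000/var/www/php/"
</VirtualHost>
```

After changing the proxy settings, run `apachectl configtest` and check that mod_proxy_http2 and mod_proxy_fcgi appear in `httpd -M` before reloading.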

Source: OpenNet.ru
