Release of Apache HTTP server 2.4.48

The release of Apache HTTP server 2.4.48 has been published (release 2.4.47 was skipped). It introduces 39 changes and fixes 8 vulnerabilities:

  • CVE-2021-30641 - incorrect section handling in 'MergeSlashes OFF' mode;
  • CVE-2020-35452 - single null byte stack overflow in mod_auth_digest;
  • CVE-2021-31618, CVE-2020-26691, CVE-2020-26690, CVE-2020-13950 - NULL pointer dereferences in mod_http2, mod_session and mod_proxy_http;
  • CVE-2020-13938 - the ability for an unprivileged user to stop the httpd process on Windows;
  • CVE-2019-17567 - protocol negotiation issues in mod_proxy_wstunnel and mod_proxy_http.
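To triage a host against the list above, the following added example (not part of the original article or of the Apache project) reads `httpd -v` and `httpd -M` output and reports which of the listed CVEs still apply to a 2.4.x build older than 2.4.48. It assumes upstream version numbering, so distribution packages with backported fixes will still be reported; the sample output is constructed.

```python
import re

FIXED_IN = (2, 4, 48)  # release in which the note says all eight CVEs are fixed

# (CVEs, modules from `httpd -M` of which at least one must be loaded, platform).
# Grouping follows the release note; an empty set means "not tied to a module".
ADVISORIES = [
    (("CVE-2021-30641",), set(), None),  # only relevant with 'MergeSlashes OFF'
    (("CVE-2020-35452",), {"auth_digest_module"}, None),
    (("CVE-2021-31618", "CVE-2020-26691", "CVE-2020-26690", "CVE-2020-13950"),
     {"http2_module", "session_module", "proxy_http_module"}, None),
    (("CVE-2020-13938",), set(), "win"),
    (("CVE-2019-17567",), {"proxy_wstunnel_module", "proxy_http_module"}, None),
]

def parse_version(v_output):
    """Return ((major, minor, patch), platform) from `httpd -v` output."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)(?:\s+\(([^)]*)\))?", v_output)
    if not m:
        raise ValueError("no Apache/x.y.z version string found")
    return tuple(int(x) for x in m.group(1, 2, 3)), (m.group(4) or "")

def parse_modules(m_output):
    """Return the set of module names listed by `httpd -M`."""
    return set(re.findall(r"^\s*(\w+_module)\b", m_output, re.M))

def open_cves(v_output, m_output):
    """List CVEs from the 2.4.48 note that still apply to this build."""
    version, platform = parse_version(v_output)
    # The note covers the 2.4 branch only; other branches are out of scope here.
    if version[:2] != (2, 4) or version >= FIXED_IN:
        return []
    loaded = parse_modules(m_output)
    is_windows = platform.lower().startswith("win")
    hits = []
    for cves, modules, plat in ADVISORIES:
        if plat == "win" and not is_windows:
            continue
        if modules and not (modules & loaded):
            continue
        hits.extend(cves)
    return hits

# Constructed sample output, not captured from a real host.
SAMPLE_V = "Server version: Apache/2.4.46 (Unix)\nServer built:   Jan  1 2021 00:00:00\n"
SAMPLE_M = ("Loaded Modules:\n core_module (static)\n http2_module (shared)\n"
            " proxy_module (shared)\n proxy_http_module (shared)\n")

if __name__ == "__main__":
    print(open_cves(SAMPLE_V, SAMPLE_M))
```

A reported CVE-2021-30641 still needs a manual check of whether the configuration actually sets 'MergeSlashes OFF'.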

The most notable non-security changes are:

  • Added the ProxyWebsocketFallbackToProxyHttp setting to mod_proxy_wstunnel to disable the switch to using mod_proxy_http for WebSocket.
  • The core server API now includes SSL-related functions that are available without the mod_ssl module (for example, allowing the mod_md module to provide keys and certificates).
  • Processing of OCSP (Online Certificate Status Protocol) responses has been moved from mod_ssl/mod_md to the core, which allows other modules to access OCSP data and generate OCSP responses.
  • mod_md allows the use of masks in MDomains directives, for example "MDomain *.host.net". The MDPrivateKeys directive allows different key types to be specified, for example "MDPrivateKeys secp384r1 rsa2048" allows the use of ECDSA and RSA certificates. Support for the ACMEv1 protocol has been dropped.
  • Added support for Lua 5.4 to mod_lua.
  • Updated version of the mod_http2 module. Improved error handling. Added the 'H2OutputBuffering on/off' option to control output buffering (enabled by default).
  • The mod_dav_FileETag directive implements a "Digest" mode to generate the ETag based on a hash of the file's contents.
  • mod_proxy allows the use of ProxyErrorOverride to be limited to specific status codes.
  • New directives ReadBufferSize, FlushMaxThreshold and FlushMaxPipelined have been implemented.
  • mod_rewrite implements handling of the SameSite attribute when processing the [CO] (cookie) flag in RewriteRule directives.
  • Added the check_trans hook to mod_proxy to reject requests at an early stage.

Source: opennet.ru
