kuburitswa kweApache HTTP server 2.4.43 (kuburitswa 2.4.42 kwakasvetuka), iyo yakatanga uye yakabviswa :
- CVE-2020-1927: kusagadzikana mune mod_rewrite iyo inobvumira sevha kuti ishandiswe kutumira zvikumbiro kune zvimwe zviwanikwa (kuvhura redirect). Mamwe ma mod_rewrite marongero anogona kuita kuti mushandisi aendeswe kune imwe chinongedzo, encoded uchishandisa mutsara mutsva mukati meparameter inoshandiswa mune iripo redirect.
- CVE-2020-1934: kusagadzikana mu mod_proxy_ftp. Kushandisa uninitialized values ββkunogona kutungamirira kundangariro kuvuza kana proxying zvikumbiro kune anorwisa-inodzorwa FTP server.
- Memory leak in mod_ssl inoitika kana uchisunga zvikumbiro zveOCSP.
Shanduko dzinonyanya kuzivikanwa dzisiri dzekuchengetedza ndeidzi:
- New module yakawedzerwa , iyo inopa kubatanidzwa ne systemd system maneja. Iyo module inobvumidza iwe kushandisa httpd mumasevhisi ane "Type=notify" mhando.
- Muchinjikwa-kuunganidza rutsigiro rwakawedzerwa kune apxs.
- Kugona kweiyo mod_md module, yakagadziridzwa neRega Encrypt purojekiti kuti iite otomatiki risiti nekuchengetedza zvitupa uchishandisa ACME (Automatic Certificate Management Environment) protocol, yakawedzerwa:
- Yakawedzera iyo MDContactEmail dhairekitori, kuburikidza iyo iwe yaunogona kutsanangura email yekufonera isingaenderane nedata kubva kuServerAdmin rairo.
- Kune ese masikirwo anotambira, tsigiro yeprotocol inoshandiswa pakutaurirana nzira yakachengeteka yekutaurirana (βtls-alpn-01β) inosimbiswa.
- Bvumira mod_md dhairekitori kuti ishandiswe mumabhuroko Uye .
- Inova nechokwadi chekuti zvigadziriso zvakapfuura zvinonyorwa kana uchishandisazve MDCACChallenges.
- Yakawedzera kugona kugadzirisa url yeCTLog Monitor.
- Kune mirairo inotsanangurwa muMDMessageCmd kuraira, kufona ne "yakaiswa" nharo inopihwa paunenge uchimisikidza chitupa chitsva mushure mekutanga sevha (semuenzaniso, inogona kushandiswa kukopa kana kushandura chitupa chitsva kune mamwe maapplication).
- mod_proxy_hcheck yakawedzera rutsigiro rwe%{Content-Type} mask mune cheki mataurirwo.
- CookieSameSite, CookieHTTPOnly uye CookieSecure modes akawedzerwa kune mod_usertrack kugadzirisa usertrack cookie processing.
- mod_proxy_ajp inoshandisa "chakavanzika" sarudzo kune vanobata proxy kutsigira nhaka AJP13 yekusimbisa protocol.
- Yakawedzerwa gadziriso seti yeOpenWRT.
- Yakawedzerwa rutsigiro kumod_ssl yekushandisa zvakavanzika makiyi uye zvitupa kubva kuOpenSSL ENGINE nekutsanangura iyo PKCS#11 URI muSSLCertificateFile/KeyFile.
- Kuitwa kuyedza uchishandisa inoenderera yekubatanidza system Travis CI.
- Parsing yeTransfer-Encoding misoro yakasimbiswa.
- mod_ssl inopa TLS protocol negotiation maererano nemabatiki chaiwo (inotsigirwa kana yakavakwa neOpenSSL-1.1.1+.
- Nekushandisa hashing yematafura ekuraira, kutangazve mu "nyasha" modhi inokwidziridzwa (pasina kukanganisa kumhanya processors).
- Yakawedzerwa kuverenga-chete matafura r:headers_in_table, r:headers_out_table, r:err_headers_out_table, r:notes_table uye r:subprocess_env_table to mod_lua. Bvumira matafura kuti apihwe kukosha "nil".
- Mu mod_authn_socache muganho pahukuru hwemutsara wakachengetwa wakawedzerwa kubva pa100 kusvika pa256.
Source: opennet.ru