Apache HTTP Server 2.4.53 released with dangerous vulnerabilities fixed

Apache HTTP Server 2.4.53 has been released, introducing 14 changes and fixing 14 vulnerabilities:

  • CVE-2022-22720 - the possibility of an HTTP Request Smuggling attack, which allows an attacker who sends specially crafted client requests to wedge content into other users' requests passed through mod_proxy (for example, to substitute malicious JavaScript code into another user's session with the site). The problem is caused by incoming connections being left open after errors are encountered while processing an invalid request body.
  • CVE-2022-23943 - a buffer overflow in the mod_sed module that allows heap memory contents to be overwritten with attacker-controlled data.
  • CVE-2022-22721 - an out-of-bounds write caused by an integer overflow that occurs when a request body larger than 350 MB is passed. The problem manifests on 32-bit systems where the LimitXMLRequestBody value is set too high (the default is 1 MB; for an attack the limit must be higher than 350 MB).
  • CVE-2022-22719 - a vulnerability in mod_lua that allows arbitrary memory areas to be read and the process to be crashed when a specially crafted request body is processed. The problem is caused by the use of uninitialized values in the code of the r:parsebody function.
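For the CVE-2022-22721 condition described above, an added audit example (not part of the original article or the Apache project) that scans configuration text for LimitXMLRequestBody settings above the 350 MB threshold. The function name, the sample configuration, the reading of MB as MiB and the handling of a value of 0 are assumptions of this example.

```python
import re

# The page gives "more than 350 MB" as the size needed to trigger CVE-2022-22721;
# reading MB as MiB is an assumption of this example.
THRESHOLD_BYTES = 350 * 1024 * 1024

DIRECTIVE = re.compile(r"^\s*LimitXMLRequestBody\s+(\S+)", re.IGNORECASE)

# Constructed sample configuration, not taken from any real server.
SAMPLE_CONFIG = """\
# LimitXMLRequestBody 999999999
LimitXMLRequestBody 1048576
<Location "/dav">
    limitxmlrequestbody 524288000
</Location>
<Location "/upload">
    LimitXMLRequestBody 0
</Location>
"""


def audit_limit_xml_request_body(config_text, threshold=THRESHOLD_BYTES):
    """Return (line_number, value, reason) for every setting worth reviewing."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        if raw.lstrip().startswith("#"):  # httpd comments are whole lines
            continue
        match = DIRECTIVE.match(raw)
        if not match:
            continue
        token = match.group(1).strip('"')
        if not token.isdecimal():
            findings.append((lineno, token, "non-numeric value, review manually"))
        elif int(token) == 0:
            # Assumption: 0 disables the size check on releases before 2.4.53.
            findings.append((lineno, token, "0 means no effective limit"))
        elif int(token) > threshold:
            findings.append((lineno, token, "limit above 350 MB"))
    return findings


if __name__ == "__main__":
    for lineno, value, reason in audit_limit_xml_request_body(SAMPLE_CONFIG):
        print(f"line {lineno}: LimitXMLRequestBody {value} -> {reason}")
```

Findings matter most on 32-bit builds older than 2.4.53, which is where the page says the overflow manifests.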

The most notable non-security changes are:

  • In mod_proxy, the limit on the number of characters in the name of a handler (worker) has been increased. The ability to selectively configure timeouts for the backend and frontend (for example, in relation to a worker) has been added. For requests sent via websockets or the CONNECT method, the timeout has been changed to the maximum of the values set for the backend and frontend.
  • Handling of opening DBM files and loading the DBM driver has been separated. In the event of a failure, the log now shows more detailed information about the error and the driver.
  • mod_md has stopped processing requests to /.well-known/acme-challenge/ unless the domain settings explicitly enable use of the 'http-01' challenge type.
  • mod_dav: a regression that caused high memory consumption when processing a large number of resources has been fixed.
  • The ability to use the pcre2 (10.x) library instead of pcre (8.x) for processing regular expressions has been added.
  • Support for LDAP anomaly analysis has been added to query filters so that data is correctly escaped when LDAP injection attacks are attempted.
  • In mpm_event, a deadlock that occurred when restarting or exceeding the MaxConnectionsPerChild limit on heavily loaded systems has been fixed.

Source: opennet.ru
