Apache HTTP Server 2.4.52 has been released, bringing 25 changes and fixing 2 vulnerabilities:
- CVE-2021-44790 is a buffer overflow in mod_lua that occurs when parsing multipart requests. The vulnerability affects configurations in which Lua scripts call the r:parsebody() function to parse the request body, allowing an attacker to trigger the overflow by sending a specially crafted request. No evidence of exploitation has been identified so far, but the issue could potentially lead to execution of arbitrary code on the server.
- CVE-2021-44224 is an SSRF (Server Side Request Forgery) vulnerability in mod_proxy. In configurations with the "ProxyRequests on" setting, a specially crafted request URI can cause the request to be forwarded to another handler on the same server that accepts connections over a Unix Domain Socket. The issue can also be used to cause a crash by creating the conditions for a NULL pointer dereference. It affects Apache httpd versions starting from release 2.4.7.
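As an added triage example (not part of the opennet.ru item or of the httpd project; the version banner and httpd.conf fragment below are constructed), this Python helper checks whether a build is in the affected range and whether its configuration actually exposes either of the two issues above. The mod_lua flag is only an upper bound, since the r:parsebody() calls live in the Lua scripts rather than in httpd.conf.

```python
import re
FIXED = (2, 4, 52)       # release that closes both CVEs described above
SSRF_FIRST = (2, 4, 7)   # first release affected by CVE-2021-44224, per the item

# Constructed sample input: a version banner and an httpd.conf fragment.
SAMPLE_VERSION = "Server version: Apache/2.4.51 (Unix)"
SAMPLE_CONFIG = """\
LoadModule proxy_module modules/mod_proxy.so
LoadModule lua_module modules/mod_lua.so
ProxyRequests On
<Location /upload>
    SetHandler lua-script
    LuaMapHandler /upload /var/www/lua/upload.lua
</Location>
"""

def parse_version(banner):
    """Pull (major, minor, patch) out of e.g. 'Apache/2.4.51 (Unix)'."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no Apache/x.y.z version string found")
    return tuple(int(p) for p in m.groups())

def directives(config):
    """Yield (name, args); httpd directive names are case-insensitive, so lower-case them."""
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "<")):   # skip comments and <Section> tags
            continue
        parts = line.split(None, 1)
        yield parts[0].lower(), (parts[1] if len(parts) > 1 else "")

def triage(banner, config):
    """Return exposure flags for the two issues fixed in 2.4.52."""
    v = parse_version(banner)
    conf = list(directives(config))
    unpatched = v < FIXED
    # CVE-2021-44224 only bites forward-proxy setups ("ProxyRequests on").
    fwd_proxy = any(n == "proxyrequests" and a.lower() == "on" for n, a in conf)
    # CVE-2021-44790 needs mod_lua loaded and a Lua handler/hook wired in; whether a
    # script calls r:parsebody() must be checked in the scripts, so this is an upper bound.
    lua_loaded = any(n == "loadmodule" and a.startswith("lua_module") for n, a in conf)
    lua_wired = any(n in ("luamaphandler", "luaquickhandler") or n.startswith("luahook")
                    or (n == "sethandler" and a == "lua-script") for n, a in conf)
    return {
        "unpatched": unpatched,
        "cve_2021_44224_exposed": unpatched and v >= SSRF_FIRST and fwd_proxy,
        "cve_2021_44790_possible": unpatched and lua_loaded and lua_wired,
    }
```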
The most notable non-security changes are:
- Added support for building mod_ssl against the OpenSSL 3 library.
- Improved detection of the OpenSSL library in the autoconf scripts.
- In mod_proxy, for tunneling protocols, forwarding of half-closed TCP connections can now be disabled by setting the "SetEnv proxy-nohalfclose" parameter.
- Added additional checks that URIs not intended for proxying contain an http/https scheme, and that those intended for proxying contain a hostname.
- mod_proxy_connect and mod_proxy no longer allow the status code to be changed after it has been sent to the client.
- When sending interim responses after receiving requests with an "Expect: 100-Continue" header, the result now reports a "100 Continue" status instead of the current status of the request.
- mod_dav adds support for CalDAV extensions, which require that both document elements and property elements be taken into account when generating a property. New functions dav_validate_root_ns(), dav_find_child_ns(), dav_find_next_ns(), dav_find_attr_ns() and dav_find_attr() have been added and can be called from other modules.
- In mpm_event, fixed an issue with stopping idle child processes after a spike in server load.
- mod_http2 fixes regressions that caused incorrect behavior when handling the MaxRequestsPerChild and MaxConnectionsPerChild limits.
- The capabilities of the mod_md module, used to automate obtaining and maintaining certificates via the ACME (Automatic Certificate Management Environment) protocol, have been extended:
  - Added support for ACME External Account Binding (EAB), enabled via the MDExternalAccountBinding directive. EAB values can be kept in an external JSON file, avoiding exposure of the authentication parameters in the main server configuration file.
  - The 'MDCertificateAuthority' directive now validates that its URL parameter is an http/https URL or one of the predefined names ('LetsEncrypt', 'LetsEncrypt-Test', 'Buypass' and 'Buypass-Test').
  - The MDContactEmail directive may now be specified inside the section.
  - Several bugs have been fixed, including a memory leak that occurred when loading a private key failed.
Source: opennet.ru