Apache 2.4.54 HTTP server released with vulnerabilities fixed

The Apache 2.4.53 HTTP server release has been published, bringing 19 changes and fixing 8 vulnerabilities:

  • CVE-2022-31813 is a vulnerability in mod_proxy that can prevent the X-Forwarded-* headers, which carry the IP address the original request came from, from being sent to the backend. The issue can be used to bypass access restrictions based on IP addresses.
  • CVE-2022-30556 is a vulnerability in mod_lua that allows access to data outside the allocated buffer through the r:wsread() function in Lua scripts.
  • CVE-2022-30522 - Denial of service (out of memory) while processing certain data with mod_sed.
  • CVE-2022-29404 - Denial of service in mod_lua, triggered by sending specially crafted requests to Lua handlers that use the r:parsebody(0) call.
  • CVE-2022-28615, CVE-2022-28614 - Denial of service or access to data in process memory due to bugs in the ap_strcmp_match() and ap_rwrite() functions, leading to reads from a region beyond the buffer boundary.
  • CVE-2022-28330 - Out-of-bounds information leak in mod_isapi (the issue only appears on the Windows platform).
  • CVE-2022-26377 - The mod_proxy_ajp module is susceptible to "HTTP Request Smuggling" attacks on front-end/back-end setups, allowing an attacker to wedge into the content of other users' requests processed in the same thread between the front-end and the back-end.
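The first item above (mod_proxy failing to pass X-Forwarded-* headers) matters because backends frequently make IP-based access decisions from those headers. The following is an added illustration, not code from Apache or from the original article, of how a backend should derive the client address from X-Forwarded-For, and why a missing header on a request that arrived via the trusted proxy must be treated as "client unknown" rather than silently falling back to the proxy's own address. The networks, header values and helper names are constructed assumptions.

```python
"""Constructed example: deriving the client IP behind a reverse proxy.

The trusted-proxy subnet and allowed-client ranges below are assumptions
made up for this illustration (RFC 5737 / RFC 1918 documentation ranges).
"""
import ipaddress
from typing import Optional

# Assumed: the reverse proxy lives in the internal 10.0.0.0/8 network.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

# Assumed access policy: admins from 192.0.2.0/24 plus "anything internal".
# Note that the internal range also contains the proxy itself.
ALLOWED_CLIENTS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("10.0.0.0/8"),
]


def _in_any(addr, nets) -> bool:
    """True if addr belongs to any of the given networks."""
    return any(addr in net for net in nets)


def _get_header(headers: dict, name: str) -> Optional[str]:
    """Case-insensitive header lookup (HTTP header names are case-insensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def client_ip(peer_addr: str, headers: dict) -> Optional[str]:
    """Return the effective client address, or None if it cannot be established.

    peer_addr is the TCP peer (REMOTE_ADDR). A request that comes straight
    from a non-proxy peer ignores any client-supplied header; a request from
    a trusted proxy must carry X-Forwarded-For, otherwise we refuse to guess.
    """
    peer = ipaddress.ip_address(peer_addr)
    if not _in_any(peer, TRUSTED_PROXIES):
        # Direct connection: the peer is the client; header is untrusted.
        return str(peer)

    xff = _get_header(headers, "X-Forwarded-For")
    if xff is None:
        # Arrived via the proxy but the proxy did not tell us the origin:
        # do NOT fall back to the proxy's own address.
        return None

    # Walk the hop list from the right, discarding trusted proxy hops; the
    # first address that is not a trusted proxy is the client.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed header: fail closed
        if not _in_any(ip, TRUSTED_PROXIES):
            return str(ip)
    return None


def naive_allowed(peer_addr: str, headers: dict) -> bool:
    """Weak policy: when the header is missing, fall back to the peer address.

    Because the proxy's address is itself inside ALLOWED_CLIENTS, a request
    stripped of X-Forwarded-For is admitted regardless of who really sent it.
    """
    xff = _get_header(headers, "X-Forwarded-For")
    candidate = xff.split(",")[0].strip() if xff else peer_addr
    return _in_any(ipaddress.ip_address(candidate), ALLOWED_CLIENTS)


def allowed(peer_addr: str, headers: dict) -> bool:
    """Hardened policy: an unestablished client address is denied."""
    ip = client_ip(peer_addr, headers)
    if ip is None:
        return False
    return _in_any(ipaddress.ip_address(ip), ALLOWED_CLIENTS)


if __name__ == "__main__":
    proxy = "10.0.0.5"
    # Constructed request that lost its X-Forwarded-For header on the way.
    print("naive :", naive_allowed(proxy, {}))   # True  -> access-control bypass
    print("strict:", allowed(proxy, {}))         # False -> fails closed
```

The point of the two policies is the fallback: `naive_allowed` treats "no header" as "connection from the proxy address", which the policy happens to allow, while `allowed` refuses to make an access decision without an established client address.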

The most notable non-security changes are:

  • mod_ssl makes the SSL FIPS mode compatible with OpenSSL 3.0.
  • The ab utility implements TLSv1.3 support (requires linking against an SSL library that supports this protocol).
  • In mod_md, the MDCertificateAuthority directive allows more than one CA name and URL. New directives added: MDRetryDelay (defines the delay before sending a retry request) and MDRetryFailover (defines the number of retries in case of failure before switching to another CA). Added support for the "auto" state when specifying values in "key: value" format. Provided the ability to manage certificates for users of the Tailscale secure VPN.
  • The mod_http2 module has been cleaned of unused and unsafe code.
  • mod_proxy includes the backend network port in error messages written to the log.
  • In mod_heartmonitor, the value of the HeartbeatMaxServers parameter has been changed from 0 to 10 (initialisation of 10 shared-memory slots).

source: opennet.ru
