The Apache 2.4.53 HTTP server release has been published, introducing 19 changes and fixing 8 vulnerabilities:
- CVE-2022-31813 is a vulnerability in mod_proxy that makes it possible to block the sending of X-Forwarded-* headers carrying information about the IP address from which the original request came. The issue can be used to bypass access restrictions based on IP addresses.
- CVE-2022-30556 is a vulnerability in mod_lua that allows access to data outside the allocated buffer through use of the r:wsread() function in Lua scripts.
- CVE-2022-30522 - Denial of service (exhaustion of available memory) while processing certain data with mod_sed.
- CVE-2022-29404 - Denial of service in mod_lua, exploitable by sending specially crafted requests to Lua handlers that use the r:parsebody(0) call.
- CVE-2022-28615, CVE-2022-28614 - Denial of service or access to data in process memory due to errors in the ap_strcmp_match() and ap_rwrite() functions, which lead to reading from a region beyond the buffer boundary.
- CVE-2022-28330 - Out-of-bounds information leak in mod_isapi (the issue appears only on the Windows platform).
- CVE-2022-26377 - The mod_proxy_ajp module is vulnerable to an "HTTP Request Smuggling" attack on front-end/back-end systems, making it possible to wedge into the contents of other users' requests processed in the same thread between the front end and the back end.
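For CVE-2022-31813, a backend behind mod_proxy should fail closed when the forwarded address is missing instead of falling back to the proxy's own address. The sketch below is an added example, not code from the Apache project or the original article; the network ranges and function names are assumptions chosen for illustration.

```python
import ipaddress

# Constructed values for illustration (assumptions, not from the release notes).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]   # the mod_proxy front end
ALLOWED_CLIENTS = [ipaddress.ip_network("10.0.0.0/8")]    # "internal only" rule


def _member(addr, networks):
    return any(addr in net for net in networks)


def effective_client_ip(peer_ip, headers):
    """Return the address to authorize, or None when it cannot be established."""
    peer = ipaddress.ip_address(peer_ip)
    if not _member(peer, TRUSTED_PROXIES):
        # Direct connection: a client-supplied X-Forwarded-For is ignored.
        return peer
    lowered = {k.lower(): v for k, v in headers.items()}
    # mod_proxy appends the address it saw, so with one trusted proxy the
    # last entry is the only one the proxy itself wrote.
    last = lowered.get("x-forwarded-for", "").split(",")[-1].strip()
    if not last:
        # Header missing on a proxied request: fail closed. Falling back to
        # the peer address would authorize the request as the proxy itself.
        return None
    try:
        return ipaddress.ip_address(last)
    except ValueError:
        return None


def is_allowed(peer_ip, headers):
    client = effective_client_ip(peer_ip, headers)
    return client is not None and _member(client, ALLOWED_CLIENTS)
```
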
The most notable non-security changes:
- mod_ssl makes SSL FIPS mode compatible with OpenSSL 3.0.
- The ab utility implements TLSv1.3 support (requires linking against an SSL library that supports this protocol).
- In mod_md, the MDCertificateAuthority directive allows more than one CA name and URL. New directives added: MDRetryDelay (defines the delay before sending a retry request) and MDRetryFailover (defines the number of retries on failure before selecting another CA). Added support for the "auto" state when displaying values in "key: value" format. Provided the ability to manage certificates for users of the Tailscale secure VPN.
- The mod_http2 module has been cleaned of unused and unsafe code.
- mod_proxy provides display of the backend network port in error messages written to the log.
- In mod_heartmonitor, the value of the HeartbeatMaxServers parameter has been changed from 0 to 10 (initialization of 10 shared slots).
Source: opennet.ru