- CVE-2020-1927: A vulnerability in mod_rewrite that allows the server to be used to forward requests to other resources (open redirect). Some mod_rewrite configurations can cause the user to be redirected to another link that is encoded using a newline character inside a parameter used in an existing redirect.
- CVE-2020-1934: A vulnerability in mod_proxy_ftp. The use of uninitialized values can lead to a memory leak when proxying requests to an FTP server controlled by an attacker.
- A memory leak in mod_ssl that occurs when chaining OCSP requests.
The most notable non-security changes are:
- A new module, mod_systemd, has been added, which provides integration with the systemd system manager. The module allows httpd to be used in services of type "Type=notify".
- Cross-compilation support has been added to apxs.
- The capabilities of the mod_md module, developed by the Let's Encrypt project to automate the obtaining and maintenance of certificates using the ACME (Automatic Certificate Management Environment) protocol, have been expanded:
  - The MDContactEmail directive has been added, which can be used to specify a contact e-mail that does not overlap with the data from the ServerAdmin directive.
  - For all virtual hosts, a check is provided for support of the protocol used when negotiating a secure communication channel ("tls-alpn-01").
  - The use of mod_md directives is allowed in blocks and .
  - Previous settings are now replaced when MDCAChallenges is used again.
  - The ability to set the URL for the CTLog Monitor has been added.
  - Commands defined in the MDMessageCmd directive are guaranteed to be called with the "installed" argument when a new certificate is activated after a server restart (for example, this can be used to copy or convert the new certificate for other applications).
- mod_proxy_hcheck has added support for the %{Content-Type} mask in check expressions.
- CookieSameSite, CookieHTTPOnly and CookieSecure modes have been added to mod_usertrack to configure how usertrack cookies are handled.
- mod_proxy_ajp implements the "secret" parameter for proxy handlers to support the legacy AJP13 authentication protocol.
- A configuration set for OpenWRT has been added.
- Support has been added to mod_ssl for using private keys and certificates from an OpenSSL ENGINE by specifying a PKCS#11 URI in SSLCertificateFile/KeyFile.
- Testing has been implemented using the Travis CI continuous integration system.
- Parsing of Transfer-Encoding headers has been tightened.
- mod_ssl provides TLS protocol negotiation per virtual host (supported when built with OpenSSL-1.1.1+).
- Thanks to the use of hashing for command tables, restarts in "graceful" mode (without interrupting active request handlers) have been sped up.
- Read-only tables r:headers_in_table, r:headers_out_table, r:err_headers_out_table, r:notes_table and r:subprocess_env_table have been added to mod_lua. Assigning the value "nil" to tables is allowed.
- In mod_authn_socache, the limit on the size of a cached line has been raised from 100 to 256.
Source: opennet.ru