Apache HTTP Server 2.4.54 released with vulnerability fixes

The Apache HTTP Server 2.4.53 release has been published, introducing 19 changes and fixing 8 vulnerabilities:

  • CVE-2022-31813 is a vulnerability in mod_proxy that allows a client to prevent the X-Forwarded-* headers, which carry the IP address the original request came from, from being sent to the backend. The issue can be used to bypass access restrictions based on IP addresses.
  • CVE-2022-30556 is a vulnerability in mod_lua that allows access to data outside the allocated buffer by manipulating the r:wsread() function in Lua scripts.
  • CVE-2022-30522 - Denial of service (exhaustion of available memory) when the mod_sed module processes certain data.
  • CVE-2022-29404 is a denial of service in mod_lua, triggered by sending specially crafted requests to Lua handlers that use the r:parsebody(0) call.
  • CVE-2022-28615, CVE-2022-28614 - Denial of service or access to data in process memory due to errors in the ap_strcmp_match() and ap_rwrite() functions, which lead to reads beyond the end of a buffer.
  • CVE-2022-28330 - Information leak from out-of-bounds buffer areas in mod_isapi (the issue affects the Windows platform only).
  • CVE-2022-26377 - The mod_proxy_ajp module is vulnerable to HTTP Request Smuggling attacks against backend systems, allowing an attacker to wedge into the content of other users' requests processed in the same connection between the frontend and the backend.
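The CVE-2022-31813 entry above shows why a backend must not silently trust whatever peer address it sees when X-Forwarded-For is missing. The following is an added illustration, not code from the page or from the Apache project: a backend-side client-address resolver that fails closed when a request arriving from a trusted reverse proxy carries no X-Forwarded-For header, instead of falling back to the proxy's own (trusted) address. It assumes a WSGI-style `environ` dict; the proxy range and allow-list network are constructed sample values.

```python
import ipaddress
from typing import Optional

# Constructed example: the address range our reverse proxies live in.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def _is_trusted(addr: str) -> bool:
    """True if addr parses as an IP inside one of the trusted proxy ranges."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(environ: dict) -> Optional[str]:
    """Return the client address to use for access control, or None.

    Fail closed: a request from a trusted proxy that lacks X-Forwarded-For
    yields None. Falling back to REMOTE_ADDR here would hand the proxy's own
    trusted address to the client, which is exactly the bypass the header
    suppression bug enables. Only our own proxies are stripped from the right
    end of the header; the first untrusted hop is taken as the client.
    """
    peer = environ.get("REMOTE_ADDR", "")
    xff = environ.get("HTTP_X_FORWARDED_FOR")
    if not _is_trusted(peer):
        return peer or None      # direct client: the header cannot be trusted
    if not xff:
        return None              # proxied request with the header missing
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    while hops and _is_trusted(hops[-1]):
        hops.pop()               # drop addresses belonging to our own proxies
    if not hops:
        return None
    try:
        ipaddress.ip_address(hops[-1])
    except ValueError:
        return None              # malformed hop: do not guess
    return hops[-1]


def allowed(environ: dict, allow_net: str = "192.0.2.0/24") -> bool:
    """IP-based access check built on client_ip(); allow_net is constructed."""
    ip = client_ip(environ)
    return ip is not None and ipaddress.ip_address(ip) in ipaddress.ip_network(allow_net)
```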

The most notable non-security changes are:

  • mod_ssl makes the SSLFIPS mode compatible with OpenSSL 3.0.
  • The ab utility supports TLSv1.3 (requires linking against an SSL library that supports this protocol).
  • In mod_md, the MDCertificateAuthority directive now accepts more than one CA name and URL. New directives have been added: MDRetryDelay (defines the delay before a request is retried) and MDRetryFailover (defines the number of retries after failures before another certificate authority is selected). Support for an "auto" mode has been added when outputting values in "key: value" format. The ability to manage certificates for users of the Tailscale secure VPN network has been provided.
  • The mod_http2 module has been cleaned of unused and unsafe code.
  • mod_proxy now ensures that the backend network port appears in error messages written to the log.
  • In mod_heartmonitor, the value of the HeartbeatMaxServers parameter has been changed from 0 to 10 (initially allocating 10 shared-memory slots).

Source: opennet.ru
