Alibaba Cloud Linux 2.1903 Security Advisory: ALINUX2-SA-2022:0004
Issued: 2022-01-18
Updated: 2022-01-18
Summary
httpd security update
Severity
Important
Description
Package updates are available for Alibaba Cloud Linux 2.1903 that fix the following vulnerabilities:
CVE-2021-26691:
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
CVE-2021-34798:
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-39275:
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-44790:
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
References
Updated Packages
- aarch64
- httpd-2.4.6-97.1.al7.4.aarch64.rpm → (download)
- httpd-debuginfo-2.4.6-97.1.al7.4.aarch64.rpm → (download)
- httpd-devel-2.4.6-97.1.al7.4.aarch64.rpm → (download)
- httpd-tools-2.4.6-97.1.al7.4.aarch64.rpm → (download)
- mod_ldap-2.4.6-97.1.al7.4.aarch64.rpm → (download)
- mod_proxy_html-2.4.6-97.1.al7.4.aarch64.rpm → (download)
- mod_session-2.4.6-97.1.al7.4.aarch64.rpm → (download)
- mod_ssl-2.4.6-97.1.al7.4.aarch64.rpm → (download)
- i686
- httpd-2.4.6-97.1.al7.4.i686.rpm → (download)
- httpd-debuginfo-2.4.6-97.1.al7.4.i686.rpm → (download)
- httpd-devel-2.4.6-97.1.al7.4.i686.rpm → (download)
- httpd-tools-2.4.6-97.1.al7.4.i686.rpm → (download)
- mod_ldap-2.4.6-97.1.al7.4.i686.rpm → (download)
- mod_proxy_html-2.4.6-97.1.al7.4.i686.rpm → (download)
- mod_session-2.4.6-97.1.al7.4.i686.rpm → (download)
- mod_ssl-2.4.6-97.1.al7.4.i686.rpm → (download)
- src
- httpd-2.4.6-97.1.al7.4.src.rpm → (download)
- x86_64
- httpd-2.4.6-97.1.al7.4.x86_64.rpm → (download)
- httpd-debuginfo-2.4.6-97.1.al7.4.x86_64.rpm → (download)
- httpd-devel-2.4.6-97.1.al7.4.x86_64.rpm → (download)
- httpd-tools-2.4.6-97.1.al7.4.x86_64.rpm → (download)
- mod_ldap-2.4.6-97.1.al7.4.x86_64.rpm → (download)
- mod_proxy_html-2.4.6-97.1.al7.4.x86_64.rpm → (download)
- mod_session-2.4.6-97.1.al7.4.x86_64.rpm → (download)
- mod_ssl-2.4.6-97.1.al7.4.x86_64.rpm → (download)
- noarch
- httpd-manual-2.4.6-97.1.al7.4.noarch.rpm → (download)