Summary: | <www-servers/apache-2.4.39: privilege escalation and other vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | apache-bugs, gentoo_bugs_peep, polynomial-c |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211 | ||
Whiteboard: | A2 [glsa+ cve] | ||
Package list: | app-admin/apache-tools-2.4.39, www-servers/apache-2.4.39 | ||
Runtime testing required: | --- |
Description
Hanno Böck
2019-04-02 07:56:08 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9ba34aa34c25d07f495ae56fc56a2bbaab5d4dd6

commit 9ba34aa34c25d07f495ae56fc56a2bbaab5d4dd6
Author: Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-04-02 08:50:44 +0000
Commit: Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-04-02 08:54:13 +0000

    www-servers/apache: Security bump to version 2.4.39

    Attempt to make apache2ctl systemd compatible

    Bug: https://bugs.gentoo.org/673530
    Bug: https://bugs.gentoo.org/682306
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 www-servers/apache/Manifest | 2 +
 www-servers/apache/apache-2.4.39.ebuild | 257 ++++++++++++++++++++++++++++++++
 2 files changed, 259 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b8813408caa94488b83fcbcce09e4d156c95285

commit 5b8813408caa94488b83fcbcce09e4d156c95285
Author: Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-04-02 08:49:10 +0000
Commit: Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-04-02 08:54:12 +0000

    app-admin/apache-tools: Security bump to version 2.4.39

    Bug: https://bugs.gentoo.org/682306
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 app-admin/apache-tools/Manifest | 1 +
 app-admin/apache-tools/apache-tools-2.4.39.ebuild | 105 ++++++++++++++++++++++
 2 files changed, 106 insertions(+)

amd64 stable

(In reply to Mikle Kolyada from comment #2)
> amd64 stable

...
Resolving dev.gentoo.org... failed: Temporary failure in name resolution.
wget: unable to resolve host address ‘dev.gentoo.org’
!!! Couldn't download 'gentoo-apache-2.4.39-20190402.tar.bz2'. Aborting.
...

(In reply to Manfred Knick from comment #3)
> ... Resolving dev.gentoo.org... failed: ...

After sync this morning: WORKSFORME

Thanks.

hppa stable

arm stable

ia64 stable

ppc64 stable

x86 stable

ppc stable

sparc stable

alpha stable

@maintainer(s), please drop vulnerable.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a4fa77e074b321d4bf55c3eab587daed8227cac6

commit a4fa77e074b321d4bf55c3eab587daed8227cac6
Author: Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-04-21 02:13:51 +0000
Commit: Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-04-21 02:13:51 +0000

    www-servers/apache: Security cleanup

    Bug: https://bugs.gentoo.org/682306
    Package-Manager: Portage-2.3.64, Repoman-2.3.12
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 www-servers/apache/Manifest | 4 -
 www-servers/apache/apache-2.4.34-r2.ebuild | 262 ---------------------
 www-servers/apache/apache-2.4.38-r1.ebuild | 257 --------------------
 .../apache/files/apache-2.4.34-PR62557.patch | 216 -----------------
 .../apache-2.4.34-suexec_parallel_install.patch | 19 --
 5 files changed, 758 deletions(-)

This issue was resolved and addressed in GLSA 201904-20 at https://security.gentoo.org/glsa/201904-20 by GLSA coordinator Aaron Bauman (b-man).