Summary: | <www-servers/apache-2.4.48: multiple vulnerabilities (CVE-2019-17567, CVE-2020-{13950,35452}, CVE-2021-{26690,26691,30641,31618}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | apache-bugs, hydrapolic |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://httpd.apache.org/security/vulnerabilities_24.html | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: | app-admin/apache-tools-2.4.48-r1 www-servers/apache-2.4.48-r1 | ||
Runtime testing required: | --- |
Description
John Helmert III
2021-06-10 14:43:10 UTC
2.4.47 is the one with the fixes: https://www.openwall.com/lists/oss-security/2021/06/10/16

Please stabilize >=2.4.47.

Sanity check failed:
> www-servers/apache-2.4.47
> pdepend amd64 dev profile default/linux/amd64/17.0/x32 (40 total)
> ~app-admin/apache-tools-2.4.47
> pdepend amd64 stable profile default/linux/amd64/17.1 (63 total)
> ~app-admin/apache-tools-2.4.47
All sanity-check issues have been resolved

https://downloads.apache.org/httpd/CHANGES_2.4.48

Changes with Apache 2.4.48

*) SECURITY: CVE-2021-31618 (cve.mitre.org)
mod_http2: Fix a potential NULL pointer dereference [Ivan Zhakov]

ppc done

amd64 done

x86 done

sparc done

ppc64 stable

arm64 done

Unable to check for sanity:
> no match for package: app-admin/apache-tools-2.4.48
Unable to check for sanity:
> no match for package: www-servers/apache-2.4.48-r1
All sanity-check issues have been resolved

arm done

all arches done

Please cleanup

GLSA request filed.

This issue was resolved and addressed in GLSA 202107-38 at https://security.gentoo.org/glsa/202107-38 by GLSA coordinator John Helmert III (ajak).

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fed1cac86a11008071b5561d825d8cae53c0d158

commit fed1cac86a11008071b5561d825d8cae53c0d158
Author: Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2021-07-18 09:33:51 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2021-07-18 09:33:51 +0000

www-servers/apache: cleanup vulnerable versions

Bug: https://bugs.gentoo.org/795231
Package-Manager: Portage-3.0.20, Repoman-3.0.2
Signed-off-by: Hans de Graaff <graaff@gentoo.org>

www-servers/apache/Manifest | 3 -
www-servers/apache/apache-2.4.46-r7.ebuild | 246 ----------------------------
www-servers/apache/apache-2.4.46-r8.ebuild | 253 -----------------------------
www-servers/apache/apache-2.4.47-r1.ebuild | 253 -----------------------------
4 files changed, 755 deletions(-)

Thanks graaff, not sure how I missed this