Lucene search

K
mageiaGentoo FoundationMGASA-2021-0577
HistoryDec 22, 2021 - 2:27 a.m.

Updated apache packages fix security vulnerabilities

2021-12-2202:27:37
Gentoo Foundation
advisories.mageia.org
21

0.307 Low

EPSS

Percentile

97.0%

Updated apache packages fix security vulnerabilities: A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery) (CVE-2021-44224). A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one (CVE-2021-44790).

OSVersionArchitecturePackageVersionFilename
Mageia8noarchapache< 2.4.52-1apache-2.4.52-1.mga8