
Fedora 32: Update for httpd 2.4.46 Critical Remote Code Execution Risk

August 31, 2020
Examine vulnerabilities in Fedora 32's Apache httpd 2.4.46, focusing on remote code execution and information leakage risks.

Summary

The Apache HTTP Server is a powerful, efficient, and extensible web server.

This release includes the latest stable version of Apache **httpd**, version **2.4.46**. A security issue is addressed in this update:

* **CVE-2020-11984** mod_proxy_uwsgi: Malicious request may result in information disclosure or RCE of existing file on the server running under a malicious process environment.

For the full list of changes in this release, see

* Tue Aug 25 2020 Lubos Uhliarik - 2.4.46-1
- new version 2.4.46
- remove obsolete parts of this spec file
- fix systemd detection patch

* Tue Jul 28 2020 Fedora Release Engineering - 2.4.43-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

[ 1 ] Bug #1820775 - CVE-2020-1927 httpd: mod_rewrite configurations vulnerable to open redirect [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1820775

[ 2 ] Bug #1820776 - CVE-2020-1934 httpd: mod_proxy_ftp use of uninitialized value [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1820776

[ 3 ] Bug #1866581 - httpd-2.4.46 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1866581

[ 4 ] Bug #1868147 - CVE-2020-11985 httpd: IP address spoofing when proxying using mod_remoteip and mod_rewrite [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1868147

[ 5 ] Bug #1868148 - CVE-2020-11984 httpd: mod_proxy_uwsgi buffer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1868148

su -c 'dnf upgrade --advisory FEDORA-2020-189a1e6c3e' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
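
The following shell example is added here and is not part of the Fedora advisory: it classifies a host from the output of `rpm -q httpd` and `httpd -M`, reporting whether the installed build predates 2.4.46-1 and whether mod_proxy_uwsgi is loaded. The function names, the result labels and the use of `sort -V` in place of rpm's own version comparison are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Version-release of the build shipped by this advisory (dist tag omitted).
FIXED_VR="2.4.46-1"

# vr_lt A B: succeeds when version-release A sorts strictly before B.
# Assumption: sort -V approximates rpm's ordering for these simple strings.
vr_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# triage NVR MODULES
#   NVR     - output of `rpm -q httpd`, e.g. httpd-2.4.43-7.fc32.x86_64
#   MODULES - output of `httpd -M`
# Prints: patched | outdated-module-loaded | outdated-module-not-loaded
triage() {
    nvr=$1
    modules=$2
    # Reduce httpd-2.4.43-7.fc32.x86_64 to 2.4.43-7
    vr=$(printf '%s\n' "$nvr" | sed -e 's/^httpd-//' -e 's/\.fc[0-9][0-9]*.*$//')
    if ! vr_lt "$vr" "$FIXED_VR"; then
        echo patched
    elif printf '%s\n' "$modules" | grep -q 'proxy_uwsgi_module'; then
        # Older build with the module named in CVE-2020-11984 loaded.
        echo outdated-module-loaded
    else
        echo outdated-module-not-loaded
    fi
}

# Constructed sample input (not captured from a real host).
SAMPLE_NVR="httpd-2.4.43-7.fc32.x86_64"
SAMPLE_MODULES=" proxy_module (shared)
 proxy_uwsgi_module (shared)"

triage "$SAMPLE_NVR" "$SAMPLE_MODULES"

# On a live host (requires rpm and httpd on PATH):
#   triage "$(rpm -q httpd)" "$(httpd -M 2>/dev/null)"
```

A result of `outdated-module-not-loaded` still calls for the update, since the module can be enabled later by a configuration change.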



Severity: critical

Product: Fedora 32
Version: 2.4.46
Release: 1.fc32
Summary: Apache HTTP Server
