MGASA-2024-0258 - Updated apache packages fix security vulnerabilities

Publication date: 09 Jul 2024
URL: https://advisories.mageia.org/MGASA-2024-0258.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-36387,
     CVE-2024-38473,
     CVE-2024-38474,
     CVE-2024-38475,
     CVE-2024-38476,
     CVE-2024-38477,
     CVE-2024-39573,
     CVE-2024-39884

Serving WebSocket protocol upgrades over a HTTP/2 connection could
result in a Null Pointer dereference, leading to a crash of the server
process, degrading performance. (CVE-2024-36387)
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier
allows request URLs with incorrect encoding to be sent to backend
services, potentially bypassing authentication via crafted requests.
(CVE-2024-38473)
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59
and earlier allows attacker to execute scripts in directories permitted
by the configuration but not directly reachable by any URL or source
disclosure of scripts meant to only to be executed as CGI. Some
RewriteRules that capture and substitute unsafely will now fail unless
rewrite flag "UnsafeAllow3F" is specified. (CVE-2024-38474)
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59
and earlier allows an attacker to map URLs to filesystem locations that
are permitted to be served by the server but are not
intentionally/directly reachable by any URL, resulting in code execution
or source code disclosure. Substitutions in server context that use a
backreferences or variables as the first segment of the substitution are
affected.  Some unsafe RewiteRules will be broken by this change and the
rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring
the substitution is appropriately constrained. (CVE-2024-38475)
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are
vulnerably to information disclosure, SSRF or local script execution via
backend applications whose response headers are malicious or
exploitable.  (CVE-2024-38476)
Null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and
earlier allows an attacker to crash the server via a malicious request.
(CVE-2024-38477)
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier
allows an attacker to cause unsafe RewriteRules to unexpectedly setup
URL's to be handled by mod_proxy. (CVE-2024-39573)
A regression in the core of Apache HTTP Server 2.4.60 ignores some use
of the legacy content-type based configuration of handlers.
"AddType" and similar configuration, under some circumstances where
files are requested indirectly, result in source code disclosure of local
content. For example, PHP scripts may be served instead of interpreted.
(CVE-2024-39884)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33353
- https://www.openwall.com/lists/oss-security/2024/07/01/4
- https://www.openwall.com/lists/oss-security/2024/07/01/6
- https://www.openwall.com/lists/oss-security/2024/07/01/7
- https://www.openwall.com/lists/oss-security/2024/07/01/8
- https://www.openwall.com/lists/oss-security/2024/07/01/9
- https://www.openwall.com/lists/oss-security/2024/07/01/10
- https://www.openwall.com/lists/oss-security/2024/07/01/11
- https://www.openwall.com/lists/oss-security/2024/07/03/8
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39884

SRPMS:
- 9/core/apache-2.4.61-1.mga9

Mageia 2024-0258: apache Security Advisory Updates

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance

Summary

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. (CVE-2024-36387) Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. (CVE-2024-38473) Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified. (CVE-2024-38474) Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained. (CVE-2024-38475) Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. (CVE-2024-38476) Null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. (CVE-2024-38477) Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. (CVE-2024-39573) A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. (CVE-2024-39884)

References

- https://bugs.mageia.org/show_bug.cgi?id=33353

- https://www.openwall.com/lists/oss-security/2024/07/01/4

- https://www.openwall.com/lists/oss-security/2024/07/01/6

- https://www.openwall.com/lists/oss-security/2024/07/01/7

- https://www.openwall.com/lists/oss-security/2024/07/01/8

- https://www.openwall.com/lists/oss-security/2024/07/01/9

- https://www.openwall.com/lists/oss-security/2024/07/01/10

- https://www.openwall.com/lists/oss-security/2024/07/01/11

- https://www.openwall.com/lists/oss-security/2024/07/03/8

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39884

Resolution

MGASA-2024-0258 - Updated apache packages fix security vulnerabilities

SRPMS

- 9/core/apache-2.4.61-1.mga9

Severity
Publication date: 09 Jul 2024
URL: https://advisories.mageia.org/MGASA-2024-0258.html
Type: security
CVE: CVE-2024-36387, CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477, CVE-2024-39573, CVE-2024-39884

Related News

Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power
8 Expert-Recommended Security Practices to Fortify Your Linux Systems
4 - 8 min read
As a Linux admin or an infosec professional, you understand how the security landscape changes due to evolving threats, newly discovered
Open Source Strategies for Enhancing Security in Digital Business Operations
5 - 9 min read
Digital transformation, powered by the principles of open-source security , is vital for businesses looking to excel in today's technology-driven
Microsoft Update Mayhem: Rescuing Linux Dual-Boot Systems from Secure Boot Woes
2 - 4 min read
Microsoft's recent patch, intended to strengthen Secure Boot defenses, has resulted in an unexpected setback for Linux-Windows dual-boot setups

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved