What Are You Looking For?

Sign Up
Synopsis:          Important: httpd security update
Advisory ID:       SLSA-2022:0143-1
Issue Date:        2022-01-18
CVE Numbers:       CVE-2021-26691
                   CVE-2021-39275
                   CVE-2021-34798
                   CVE-2021-44790
--

Security Fix(es):

* httpd: mod_lua: Possible buffer overflow when parsing multipart content
(CVE-2021-44790)

* httpd: mod_session: Heap overflow via a crafted SessionHeader value
(CVE-2021-26691)

* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)

* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input
(CVE-2021-39275)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
--

SL7
  x86_64
    httpd-2.4.6-97.el7_9.4.x86_64.rpm
    httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm
    httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm
    httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm
    mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm
    mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm
    mod_session-2.4.6-97.el7_9.4.x86_64.rpm
    mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
  noarch
    httpd-manual-2.4.6-97.el7_9.4.noarch.rpm

- Scientific Linux Development Team

SciLinux: SLSA-2022-0143-1 Important: httpd on SL7.x x86_64

httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790) * httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691) * ht...

Summary

Important: httpd security update



Security Fixes

* httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)
* httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)
* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)
* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE
SL7 x86_64 httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm noarch httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
- Scientific Linux Development Team

Severity
Advisory ID: SLSA-2022:0143-1
Issued Date: : 2022-01-18
CVE Numbers: CVE-2021-26691
CVE-2021-39275
CVE-2021-34798

Related News

CVE-2023-4911: Looney Tunables – Local Privilege Escalation in the glibc’s ld.so

Oct 19, 2023

Mitigations for Critical c-ares DoS, Code Execution Bug Released

Sep 29, 2023

Critical BusyBox Stack Overflow Vuln Fixed

Sep 22, 2023

Remotely Exploitable ClamAV DoS Bug Discovered & Fixed

Aug 31, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo