[CLSA-2022:1656429967] Fixed CVEs in httpd-39.module_el8.4.0+2061+54659116.1.tuxcare.els6: CVE-2022-28615, CVE-2022-31813, CVE-2022-30556, CVE-2022-26377, CVE-2022-30522
Type:
security
Severity:
Critical
Release date:
2022-06-28
Description:
- CVE-2022-30522: mod_sed: limit memory usage - CVE-2022-26377: mod_proxy_ajp: fix HTTP request smuggling - CVE-2022-28615: fix possible out-of-bounds read in ap_strcmp_match() - CVE-2022-30556: mod_lua: fix r:wsread() to not return length that point past the end of the storage allocated for the buffer - CVE-2022-31813: mod_proxy: preserve original request headers so an upstream knows what the original request hostname was, and so send X-Forwarded-* headers correctly
Updated packages:
  • httpd-tools-2.4.37-39.module_el8.4.0+2061+54659116.1.tuxcare.els6.x86_64.rpm
    sha:9395ef26774c45f1d69549dc53bcb159cd137fd3
  • mod_ssl-2.4.37-39.module_el8.4.0+2061+54659116.1.tuxcare.els6.x86_64.rpm
    sha:edf856d8517f96bbbc09d2f384a2f1317b8ecef1
  • mod_md-2.0.8-8.module_el8.4.0+2061+54659116.x86_64.rpm
    sha:1087b294b1d1b70c4a7d72a4aab4f23bb7455817
  • httpd-devel-2.4.37-39.module_el8.4.0+2061+54659116.1.tuxcare.els6.x86_64.rpm
    sha:de1e039087c5f5ee6cf726588dcc428d5d07512a
  • httpd-manual-2.4.37-39.module_el8.4.0+2061+54659116.1.tuxcare.els6.noarch.rpm
    sha:fec929b7fa4beacdd995d217addf2dd76cb5add4
  • mod_ldap-2.4.37-39.module_el8.4.0+2061+54659116.1.tuxcare.els6.x86_64.rpm
    sha:e40c6987942e8c98322451dad243f39278777db4
  • mod_session-2.4.37-39.module_el8.4.0+2061+54659116.1.tuxcare.els6.x86_64.rpm
    sha:4678458800482f37859cf4dff7acc3e94c3a66dc
  • httpd-2.4.37-39.module_el8.4.0+2061+54659116.1.tuxcare.els6.x86_64.rpm
    sha:fd00f0074e6672992508c42110967f44c67c7b2e
  • httpd-devel-2.4.37-39.module_el8.4.0+2061+54659116.1.tuxcare.els6.i686.rpm
    sha:4da01ee1f2476e98013cea64a0f2b0abb107b2d1
  • httpd-filesystem-2.4.37-39.module_el8.4.0+2061+54659116.1.tuxcare.els6.noarch.rpm
    sha:06aeb2ff4dc24cde15000459d7162225bd766f87
  • mod_proxy_html-2.4.37-39.module_el8.4.0+2061+54659116.1.tuxcare.els6.x86_64.rpm
    sha:17662b521d7b22ad2ff975188236f7f8d871ceea
  • mod_http2-1.15.7-3.module_el8.4.0+2061+54659116.x86_64.rpm
    sha:457746275ca2ef116e10233d056d8824336e4f15
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.