[CLSA-2022:1656430448] Fixed CVEs in mod_http2-3.module_el8.5.0+2060+6f259f31: CVE-2022-26377, CVE-2022-30556, CVE-2022-28615, CVE-2022-30522, CVE-2022-31813
Type:
security
Severity:
Critical
Release date:
2022-06-28
Description:
- CVE-2022-30522: mod_sed: limit memory usage - CVE-2022-26377: mod_proxy_ajp: fix HTTP request smuggling - CVE-2022-28615: fix possible out-of-bounds read in ap_strcmp_match() - CVE-2022-30556: mod_lua: fix r:wsread() to not return length that point past the end of the storage allocated for the buffer - CVE-2022-31813: mod_proxy: preserve original request headers so an upstream knows what the original request hostname was, and so send X-Forwarded-* headers correctly
Updated packages:
  • mod_http2-1.15.7-3.module_el8.5.0+2060+6f259f31.x86_64.rpm
    sha:dfe4e4ae429e054df1b69e5eaa0796621c933752
  • httpd-filesystem-2.4.37-43.module_el8.5.0+2060+6f259f31.tuxcare.els5.noarch.rpm
    sha:e72b4ad5916c4fcc7937a11aa818dbfa9b9216bc
  • httpd-devel-2.4.37-43.module_el8.5.0+2060+6f259f31.tuxcare.els5.i686.rpm
    sha:79d280df2392a16d07b7feed94dee3b1c969fbb1
  • mod_proxy_html-2.4.37-43.module_el8.5.0+2060+6f259f31.tuxcare.els5.x86_64.rpm
    sha:80f828115e699c3e70b9842efff8b6643c027dac
  • mod_md-2.0.8-8.module_el8.5.0+2060+6f259f31.x86_64.rpm
    sha:749948fdeba9059abce6e2338a89d82e2a837141
  • httpd-tools-2.4.37-43.module_el8.5.0+2060+6f259f31.tuxcare.els5.x86_64.rpm
    sha:06f27bc2f928a302dde289167ab1f1815e0de69c
  • httpd-2.4.37-43.module_el8.5.0+2060+6f259f31.tuxcare.els5.x86_64.rpm
    sha:ee0a65aeeb56e457593dbd644dc5ffa5e96a5180
  • mod_ssl-2.4.37-43.module_el8.5.0+2060+6f259f31.tuxcare.els5.x86_64.rpm
    sha:274331254fcc87fb49df576b56bed9820c4a74e2
  • httpd-manual-2.4.37-43.module_el8.5.0+2060+6f259f31.tuxcare.els5.noarch.rpm
    sha:2994b6007b56375eaa202dbe61bdf5a2a85eb7d3
  • mod_session-2.4.37-43.module_el8.5.0+2060+6f259f31.tuxcare.els5.x86_64.rpm
    sha:fa97a65014ce237f681338b450f668bc70b64abe
  • mod_ldap-2.4.37-43.module_el8.5.0+2060+6f259f31.tuxcare.els5.x86_64.rpm
    sha:cd5125034db8401a856d0fd3ecc7945f5557f380
  • httpd-devel-2.4.37-43.module_el8.5.0+2060+6f259f31.tuxcare.els5.x86_64.rpm
    sha:5f50c01759b57a638dded0b8f6090b3fb49bb35d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.