changelog_14.2
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revision | Next revisionBoth sides next revision | ||
| changelog_14.2 [2021/10/06 00:13] – [2021=10-05] connie | changelog_14.2 [2021/10/10 04:58] – [2021=10-05] connie | ||
|---|---|---|---|
| Line 3: | Line 3: | ||
| Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. | Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. | ||
| - | ==== 2021=10-05 ==== | + | ==== 2021-10-10 |
| + | |||
| + | **httpd-2.4.51**: | ||
| + | SECURITY: CVE-2021-42013: | ||
| + | Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete | ||
| + | fix of CVE-2021-41773) (cve.mitre.org) | ||
| + | It was found that the fix for CVE-2021-41773 in Apache HTTP | ||
| + | Server 2.4.50 was insufficient. | ||
| + | traversal attack to map URLs to files outside the directories | ||
| + | configured by Alias-like directives. | ||
| + | If files outside of these directories are not protected by the | ||
| + | usual default configuration " | ||
| + | can succeed. If CGI scripts are also enabled for these aliased | ||
| + | pathes, this could allow for remote code execution. | ||
| + | This issue only affects Apache 2.4.49 and Apache 2.4.50 and not | ||
| + | earlier versions. | ||
| + | Credits: Reported by Juan Escobar from Dreamlab Technologies, | ||
| + | Fernando MuA+-oz from NULL Life CTF Team, and Shungo Kumasaka | ||
| + | For more information, | ||
| + | * https:// | ||
| + | (**Security fix**) | ||
| + | |||
| + | ==== 2021-10-05 ==== | ||
| **httpd-2.4.50**: | **httpd-2.4.50**: | ||
changelog_14.2.txt · Last modified: 2023/12/23 13:40 by connie