changelog_14.2

Differences

This shows you the differences between two versions of the page.

changelog_14.2 [2021/10/06 00:13]
connie [2021=10-05]
changelog_14.2 [2021/10/10 04:58]
connie [2021=10-05]
Line 3: Line 3:
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
  
-==== 2021=10-05 ====+==== 2021-10-10 ==== 
 + 
 +**httpd-2.4.51**:  Upgraded. 
 +SECURITY: CVE-2021-42013: Path Traversal and Remote Code 
 +Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete 
 +fix of CVE-2021-41773) (cve.mitre.org) 
 +It was found that the fix for CVE-2021-41773 in Apache HTTP 
 +Server 2.4.50 was insufficient.  An attacker could use a path 
 +traversal attack to map URLs to files outside the directories 
 +configured by Alias-like directives. 
 +If files outside of these directories are not protected by the 
 +usual default configuration "require all denied", these requests 
 +can succeed. If CGI scripts are also enabled for these aliased 
 +pathes, this could allow for remote code execution. 
 +This issue only affects Apache 2.4.49 and Apache 2.4.50 and not 
 +earlier versions. 
 +Credits: Reported by Juan Escobar from Dreamlab Technologies, 
 +Fernando MuA+-oz from NULL Life CTF Team, and Shungo Kumasaka 
 +For more information, see: 
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42013 
 +(**Security fix**) 
 + 
 +==== 2021-10-05 ====
  
 **httpd-2.4.50**:  Upgraded. **httpd-2.4.50**:  Upgraded.
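Review bot: The Credits line of the added 2021-10-10 entry contains a mis-encoded name ("MuA+-oz"), which suggests the text was pasted or saved in the wrong character encoding; re-enter that name from the upstream ChangeLog as UTF-8 so the reporter is credited correctly. Two smaller points in the same entry: "pathes" should read "paths" unless the entry is meant to mirror the upstream wording verbatim, and the Credits sentence has no terminating period before "For more information, see:". The heading correction from "2021=10-05" to "2021-10-05" is right, but the revision summary still shows "[2021=10-05]", so the section anchor may be worth checking after saving.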
changelog_14.2.txt · Last modified: 2021/10/28 13:59 by connie