Apache HTTP 2.4.52 fixes two vulnerabilities and brings several changes

A few days ago the release of the new version of the Apache HTTP server, 2.4.52, was announced. It contains about 25 changes and, in addition, fixes for two vulnerabilities.

For those not yet familiar with the Apache HTTP server: it is an open-source, cross-platform HTTP web server that implements the HTTP/1.1 protocol and the notion of virtual hosts according to the RFC 2616 standard.

What's new in Apache HTTP 2.4.52?

In this new version of the server, support has been added for building mod_ssl against the OpenSSL 3 library. In addition, detection of the OpenSSL library in the autoconf scripts has been improved.

Another notable change in this release concerns mod_proxy when tunnelling protocols: redirection of half-closed TCP connections can now be disabled by setting the "SetEnv proxy-nohalfclose" parameter.

In mod_proxy_connect and mod_proxy, changing the status code after it has already been sent to the client is now prohibited.

In mod_dav, support for CalDAV extensions was added, which must take both document elements and property elements into account when generating a property. The new functions dav_validate_root_ns(), dav_find_child_ns(), dav_find_next_ns(), dav_find_attr_ns() and dav_find_attr() were added and can be called from other modules.

In mod_http2, regressions that caused incorrect behaviour when handling the MaxRequestsPerChild and MaxConnectionsPerChild limits were fixed.

It is also noted that the capabilities of the mod_md module, used to automate the acquisition and maintenance of certificates via the ACME (Automatic Certificate Management Environment) protocol, have been extended:

Support was added for the ACME External Account Binding (EAB) mechanism, enabled with the MDExternalAccountBinding directive. EAB values can be configured from an external JSON file so that the authentication parameters are not exposed in the main server configuration file.

The 'MDCertificateAuthority' directive now validates that its argument is either an http/https URL or one of the predefined names ('LetsEncrypt', 'LetsEncrypt-Test', 'Buypass' and 'Buypass-Test').
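The following configuration fragment is an added example, not taken from the release announcement, showing how the mod_md features described above fit together: a predefined CA name for MDCertificateAuthority, and EAB credentials kept in a separate JSON file referenced by MDExternalAccountBinding instead of being written into httpd.conf. The file path, the domain names, the e-mail address and the `kid`/`hmac` field names in the JSON file are assumptions for this example.

```apache
# --- httpd.conf (added example) ---
LoadModule ssl_module      modules/mod_ssl.so
LoadModule watchdog_module modules/mod_watchdog.so
LoadModule md_module       modules/mod_md.so

# One of the predefined CA names validated by 2.4.52;
# switch to "LetsEncrypt" once staging issuance works.
MDCertificateAuthority LetsEncrypt-Test
MDCertificateAgreement accepted
MDContactEmail hostmaster@example.com

# EAB key id and HMAC key live outside the main configuration.
# Assumed contents of /etc/httpd/secrets/eab.json (root-only, mode 0600):
#   { "kid": "<eab-key-id-from-ca>", "hmac": "<base64url-hmac-key-from-ca>" }
MDExternalAccountBinding /etc/httpd/secrets/eab.json

# Managed domain: mod_md obtains and renews the certificate for these names.
MDomain example.com www.example.com

<VirtualHost *:443>
    ServerName  example.com
    ServerAlias www.example.com
    SSLEngine on
    # No SSLCertificateFile/SSLCertificateKeyFile: mod_md supplies them.
</VirtualHost>
```

Keeping the JSON file outside the directory tree that is checked into configuration management, and readable only by the user that starts httpd, is what makes the separation worthwhile.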

Other notable changes in this release:

  • Additional checks were added so that URIs not intended for proxying contain the http/https scheme, while those intended for proxying contain the host name.
  • Interim responses are now sent after receiving requests with the "Expect: 100-Continue" header, to indicate the result of the "100 Continue" status rather than the current status of the request.
  • mpm_event fixes a problem with stopping idle child processes after a spike in server load.
  • It is now allowed to specify MDContactEmail directives inside the section.
  • Several bugs were fixed, including a memory leak that occurred when a private key was not loaded.

Regarding the vulnerabilities fixed in this release, the following are mentioned:

  • CVE-2021-44790: a buffer overflow in mod_lua that is triggered when parsing requests made up of multiple parts (multipart). The vulnerability affects configurations in which Lua scripts call the r:parsebody() function to parse the request body, and it allows an attacker to cause a buffer overflow by sending a specially crafted request. No evidence of an exploit in the wild has been identified yet, but the problem could potentially lead to code execution on the server.
  • An SSRF (Server Side Request Forgery) vulnerability in mod_proxy: in configurations with the "ProxyRequests on" option, a request with a specially crafted URI allows the request to be redirected to another handler on the same server that accepts connections over a Unix domain socket. The problem can also be used to cause a crash by creating the conditions for a null pointer dereference. The problem affects Apache httpd versions since 2.4.7.

Finally, if you would like to know more about this new release, you can check the details at the following link.
