[ GLSA 202208-20 ] Apache HTTPD: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/813429 Bug: https://bugs.gentoo.org/816399 Bug: https://bugs.gentoo.org/816864 Bug: https://bugs.gentoo.org/829722 Bug: https://bugs.gentoo.org/835131 Bug: https://bugs.gentoo.org/850622 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org>
author: GLSAMaker <glsamaker@gentoo.org> 2022-08-14 00:09:33 +0000
committer: John Helmert III <ajak@gentoo.org> 2022-08-13 19:11:42 -0500
commit: 7809350d99ef042a9f97a7a6edcb9ca5c28db476 (patch)
tree: cd1ac904e9ebeff1f8dd415bc5058d70445f09a2
parent: [ GLSA 202208-02 ]: fix 'shoud' typo (diff)
download: glsa-7809350d99ef042a9f97a7a6edcb9ca5c28db476.tar.gz
glsa-7809350d99ef042a9f97a7a6edcb9ca5c28db476.tar.bz2
glsa-7809350d99ef042a9f97a7a6edcb9ca5c28db476.zip
1 files changed, 78 insertions, 0 deletions
diff --git a/glsa-202208-20.xml b/glsa-202208-20.xml
new file mode 100644
index 00000000..58744f5a
--- /dev/null
+++ b/glsa-202208-20.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202208-20">
+    <title>Apache HTTPD: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution.</synopsis>
+    <product type="ebuild">apache,apache-tools</product>
+    <announced>2022-08-14</announced>
+    <revised count="1">2022-08-14</revised>
+    <bug>813429</bug>
+    <bug>816399</bug>
+    <bug>816864</bug>
+    <bug>829722</bug>
+    <bug>835131</bug>
+    <bug>850622</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-admin/apache-tools" auto="yes" arch="*">
+            <unaffected range="ge">2.4.54</unaffected>
+            <vulnerable range="lt">2.4.54</vulnerable>
+        </package>
+        <package name="www-servers/apache" auto="yes" arch="*">
+            <unaffected range="ge">2.4.54</unaffected>
+            <vulnerable range="lt">2.4.54</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>The Apache HTTP server is one of the most popular web servers on the Internet.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Apache HTTPD users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"
+        </code>
+        
+        <p>All Apache HTTPD tools users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33193">CVE-2021-33193</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-34798">CVE-2021-34798</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36160">CVE-2021-36160</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39275">CVE-2021-39275</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40438">CVE-2021-40438</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41524">CVE-2021-41524</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41773">CVE-2021-41773</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42013">CVE-2021-42013</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44224">CVE-2021-44224</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44790">CVE-2021-44790</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22719">CVE-2022-22719</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22720">CVE-2022-22720</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22721">CVE-2022-22721</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23943">CVE-2022-23943</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26377">CVE-2022-26377</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28614">CVE-2022-28614</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28615">CVE-2022-28615</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29404">CVE-2022-29404</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30522">CVE-2022-30522</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30556">CVE-2022-30556</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31813">CVE-2022-31813</uri>
+    </references>
+    <metadata tag="requester" timestamp="2022-08-14T00:09:33.469438Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2022-08-14T00:09:33.474207Z">ajak</metadata>
+</glsa>
+\ No newline at end of file
author	GLSAMaker <glsamaker@gentoo.org>	2022-08-14 00:09:33 +0000
committer	John Helmert III <ajak@gentoo.org>	2022-08-13 19:11:42 -0500
commit	7809350d99ef042a9f97a7a6edcb9ca5c28db476 (patch)
tree	cd1ac904e9ebeff1f8dd415bc5058d70445f09a2
parent	[ GLSA 202208-02 ]: fix 'shoud' typo (diff)
download	glsa-7809350d99ef042a9f97a7a6edcb9ca5c28db476.tar.gz glsa-7809350d99ef042a9f97a7a6edcb9ca5c28db476.tar.bz2 glsa-7809350d99ef042a9f97a7a6edcb9ca5c28db476.zip