diff options
author | GLSAMaker <glsamaker@gentoo.org> | 2022-08-14 00:09:33 +0000 |
---|---|---|
committer | John Helmert III <ajak@gentoo.org> | 2022-08-13 19:11:42 -0500 |
commit | 7809350d99ef042a9f97a7a6edcb9ca5c28db476 (patch) | |
tree | cd1ac904e9ebeff1f8dd415bc5058d70445f09a2 | |
parent | [ GLSA 202208-02 ]: fix 'shoud' typo (diff) | |
download | glsa-7809350d99ef042a9f97a7a6edcb9ca5c28db476.tar.gz glsa-7809350d99ef042a9f97a7a6edcb9ca5c28db476.tar.bz2 glsa-7809350d99ef042a9f97a7a6edcb9ca5c28db476.zip |
[ GLSA 202208-20 ] Apache HTTPD: Multiple Vulnerabilities
Bug: https://bugs.gentoo.org/813429
Bug: https://bugs.gentoo.org/816399
Bug: https://bugs.gentoo.org/816864
Bug: https://bugs.gentoo.org/829722
Bug: https://bugs.gentoo.org/835131
Bug: https://bugs.gentoo.org/850622
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: John Helmert III <ajak@gentoo.org>
-rw-r--r-- | glsa-202208-20.xml | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/glsa-202208-20.xml b/glsa-202208-20.xml new file mode 100644 index 00000000..58744f5a --- /dev/null +++ b/glsa-202208-20.xml @@ -0,0 +1,78 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202208-20"> + <title>Apache HTTPD: Multiple Vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution.</synopsis> + <product type="ebuild">apache,apache-tools</product> + <announced>2022-08-14</announced> + <revised count="1">2022-08-14</revised> + <bug>813429</bug> + <bug>816399</bug> + <bug>816864</bug> + <bug>829722</bug> + <bug>835131</bug> + <bug>850622</bug> + <access>remote</access> + <affected> + <package name="app-admin/apache-tools" auto="yes" arch="*"> + <unaffected range="ge">2.4.54</unaffected> + <vulnerable range="lt">2.4.54</vulnerable> + </package> + <package name="www-servers/apache" auto="yes" arch="*"> + <unaffected range="ge">2.4.54</unaffected> + <vulnerable range="lt">2.4.54</vulnerable> + </package> + </affected> + <background> + <p>The Apache HTTP server is one of the most popular web servers on the Internet.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details.</p> + </description> + <impact type="high"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Apache HTTPD users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54" + </code> + + <p>All Apache HTTPD tools users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33193">CVE-2021-33193</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-34798">CVE-2021-34798</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36160">CVE-2021-36160</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39275">CVE-2021-39275</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40438">CVE-2021-40438</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41524">CVE-2021-41524</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41773">CVE-2021-41773</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42013">CVE-2021-42013</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44224">CVE-2021-44224</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44790">CVE-2021-44790</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22719">CVE-2022-22719</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22720">CVE-2022-22720</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22721">CVE-2022-22721</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23943">CVE-2022-23943</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26377">CVE-2022-26377</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28614">CVE-2022-28614</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28615">CVE-2022-28615</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29404">CVE-2022-29404</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30522">CVE-2022-30522</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30556">CVE-2022-30556</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31813">CVE-2022-31813</uri> + </references> + <metadata tag="requester" timestamp="2022-08-14T00:09:33.469438Z">ajak</metadata> + <metadata tag="submitter" timestamp="2022-08-14T00:09:33.474207Z">ajak</metadata> +</glsa>
\ No newline at end of file |