Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2024-12-27 09:59:16 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
slackware-current/source/n/httpd
History
Patrick J Volkerding 0807d59d4d Fri Oct 8 03:23:28 UTC 2021 
n/httpd-2.4.51-x86_64-1.txz:  Upgraded.
  SECURITY: CVE-2021-42013: Path Traversal and Remote Code
  Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete
  fix of CVE-2021-41773) (cve.mitre.org)
  It was found that the fix for CVE-2021-41773 in Apache HTTP
  Server 2.4.50 was insufficient.  An attacker could use a path
  traversal attack to map URLs to files outside the directories
  configured by Alias-like directives.
  If files outside of these directories are not protected by the
  usual default configuration "require all denied", these requests
  can succeed. If CGI scripts are also enabled for these aliased
  pathes, this could allow for remote code execution.
  This issue only affects Apache 2.4.49 and Apache 2.4.50 and not
  earlier versions.
  Credits: Reported by Juan Escobar from Dreamlab Technologies,
  Fernando MuA+-oz from NULL Life CTF Team, and Shungo Kumasaka
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42013
  (* Security fix *)
2021-10-08 08:59:45 +02:00
..
doinst.sh Mon Sep 24 21:37:09 UTC 2018 2018-09-25 09:00:30 +02:00
httpd.runasapache.diff Slackware 13.0 2018-05-31 22:41:17 +02:00
httpd.SlackBuild Mon Jun 7 18:53:49 UTC 2021 2021-06-07 23:59:59 +02:00
httpd.url Fri Oct 8 03:23:28 UTC 2021 2021-10-08 08:59:45 +02:00
logrotate.httpd Sun May 23 19:31:03 UTC 2021 2021-05-24 08:59:55 +02:00
rc.httpd Mon May 28 19:12:29 UTC 2018 2018-05-31 23:39:35 +02:00
slack-desc Mon May 28 19:12:29 UTC 2018 2018-05-31 23:39:35 +02:00