httpd: fix four CVEs

NOTE!  commit fc00096e8... purports to fix the first 3 CVEs
       but uses the wrong rpm version.

CVE-2021-26691: heap overflow
CVE-2021-39275: out-of-bounds write
CVE-2021-44790: buffer overflow
CVE-2022-22720: http request smuggling

Advance to version 2.4.6-97.el7.centos.5.

=== testing
boot iso and log in; become root; httpd is not running

 systemctl stop lighttpd   # free up port 80
 systemctl start httpd     # takes a while
 echo arf > /var/www/html/arf.txt   # something to fetch
 wget http://localhost/arf.txt
 cat arf.txt

This shows httpd is processing requests.
===

Closes-bug: 1960765
Closes-bug: 1969363
Change-Id: I4c90213f020762f037e1f207f73e0622a38984c2
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Joe Slater 2022-04-18 17:59:11 -04:00
parent c6ed900d72
commit a56902554f
1 changed files with 2 additions and 2 deletions


@ -293,8 +293,8 @@ horai-ume-uigothic-fonts-610-2.el7.noarch.rpm
# hostname-3.13-3.el7.x86_64.rpm provided by mock
httpcomponents-client-4.2.5-5.el7_0.noarch.rpm
httpcomponents-core-4.2.4-6.el7.noarch.rpm
httpd-2.4.6-97.el7.centos.x86_64.rpm
httpd-tools-2.4.6-97.el7.centos.x86_64.rpm
httpd-2.4.6-97.el7.centos.5.x86_64.rpm
httpd-tools-2.4.6-97.el7.centos.5.x86_64.rpm
hwdata-0.252-9.1.el7.x86_64.rpm
hwloc-libs-1.11.8-4.el7.x86_64.rpm
impallari-lobster-fonts-1.4-8.el7.noarch.rpm
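
Review bot: The test steps in the commit message do not confirm that the package list entries changed here, httpd-2.4.6-97.el7.centos.5.x86_64.rpm and httpd-tools-2.4.6-97.el7.centos.5.x86_64.rpm, are what actually lands in the image; fetching arf.txt only shows that some httpd answers on port 80. Since the message says an earlier commit used the wrong rpm version, add an `rpm -q httpd httpd-tools` check to the test section and record its output, so the installed release is verified against 2.4.6-97.el7.centos.5. Only these two entries move in this hunk; if the list also carries other packages built from the same httpd source rpm (mod_ssl, for example), they need to advance to the same release in the same change. The message would also benefit from a pointer to the vendor advisory or rpm changelog that ties the four listed CVEs to the .5 release, because nothing in the diff itself lets a reviewer check that mapping.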