Apache 2.4.53 arrives with improvements, fixes and additions

A few days ago the release of the new corrective version of the Apache HTTP server, 2.4.53, was announced. It introduces 14 changes and fixes 4 vulnerabilities. The announcement of this new version mentions that it is the latest release of the 2.4.x branch of Apache HTTPD, that it represents fifteen years of innovation by the project, and that it is recommended over all previous versions.

For those who are not familiar with Apache, it is the popular open source HTTP web server, available for Unix platforms (BSD, GNU/Linux, etc.), Microsoft Windows, Macintosh and others.

What's new in Apache 2.4.53?

In this new version of Apache 2.4.53 the main changes not related to security are in mod_proxy, where the limit on the number of characters in the handler name was increased, and the ability to selectively set timeouts for the backend and the frontend (for example, per worker) was also added. For requests sent over websockets or via the CONNECT method, the timeout was changed to the maximum of the values configured for the backend and the frontend.

Another change that stands out in this new version is the separate handling of opening DBM files and loading the DBM driver. In the event of a failure, the log now shows more detailed information about the error and the driver.

mod_md no longer handles requests to /.well-known/acme-challenge/ unless the domain configuration allows the 'http-01' challenge type, while in mod_dav a regression was fixed that caused high memory consumption when processing a large number of resources.

On the other hand, it was also noted that the pcre2 library (10.x) can now be used instead of pcre (8.x) for processing regular expressions, that LDAP anomaly parsing support was added to the query filters so that data is filtered correctly when an LDAP injection attack is attempted, and that mpm_event fixed a deadlock that occurs when restarting or when the MaxConnectionsPerChild limit is exceeded on heavily loaded systems.

Of the vulnerabilities resolved in this new version, the following are mentioned:

  • CVE-2022-22720: this allowed an "HTTP Request Smuggling" attack, in which specially crafted client requests could be used to wedge into the content of requests from other users transmitted through mod_proxy (for example, it could achieve the substitution of malicious JavaScript code into another user's session on the site). The problem is caused by incoming connections being left open after errors occur while processing an invalid request body.
  • CVE-2022-23943: this is an out-of-bounds write vulnerability in the mod_sed module that allows memory to be overwritten with attacker-controlled data.
  • CVE-2022-22721: this vulnerability allowed an out-of-bounds write to a buffer due to an integer overflow that occurs when a request body larger than 350 MB is passed. The problem manifests itself on 32-bit systems where the LimitXMLRequestBody value is set too high (by default 1 MB; for the attack the limit must exceed 350 MB).
  • CVE-2022-22719: this is a vulnerability in mod_lua that allows random memory regions to be read and the process to be crashed when processing specially crafted request bodies. The problem is caused by the use of uninitialized values in the code of the r:parsebody function.
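The CVE-2022-22721 entry above gives three preconditions: a build older than 2.4.53, a 32-bit system, and a LimitXMLRequestBody above 350 MB. The following is an added configuration audit, not code from the article or the Apache project; it assumes the directive value is a plain byte count (as Apache's LimitXMLRequestBody directive takes it), treats a value of 0 as "no limit", and uses a constructed httpd.conf fragment as input.

```python
import re

# Constructed example; the 350 MB threshold and the 32-bit precondition
# come from the advisory text above, and the fixed version is 2.4.53.
THRESHOLD_BYTES = 350 * 1024 * 1024
FIXED_VERSION = (2, 4, 53)

# Apache directive names are case-insensitive; the value is a plain byte count.
_DIRECTIVE = re.compile(r"^\s*LimitXMLRequestBody\s+(\d+)\s*$",
                        re.IGNORECASE | re.MULTILINE)
_VERSION = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")

# Constructed httpd.conf fragment: the global default plus an over-sized
# per-location override of the kind the advisory warns about.
SAMPLE_CONF = """\
ServerRoot "/etc/httpd"
LimitXMLRequestBody 1048576
<Location /dav>
    Dav On
    limitxmlrequestbody 536870912
</Location>
"""

def parse_version(banner):
    """Return (major, minor, patch) from an 'httpd -v' style banner, or None."""
    m = _VERSION.search(banner)
    return tuple(int(x) for x in m.groups()) if m else None

def risky_limits(conf_text):
    """List every LimitXMLRequestBody value that exceeds the 350 MB threshold.
    A value of 0 disables the limit entirely, so it is reported as well."""
    found = []
    for value in _DIRECTIVE.findall(conf_text):
        n = int(value)
        if n == 0 or n > THRESHOLD_BYTES:
            found.append(n)
    return found

def assess(conf_text, banner, is_32bit):
    """Combine version, architecture and configured limits into one verdict."""
    version = parse_version(banner)
    if version is not None and version >= FIXED_VERSION:
        return "patched"
    if not is_32bit:
        return "not-32bit"
    if not risky_limits(conf_text):
        return "limit-ok"
    return "exposed"

if __name__ == "__main__":
    print(assess(SAMPLE_CONF, "Server version: Apache/2.4.52 (Unix)", True))
```

Feed it the output of `httpd -v` and the merged configuration (the same directive can appear in any Directory, Location or VirtualHost block, which is why it scans every line rather than only the global scope).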

Finally, if you want to know more about this new release, you can check the details at the following link.

Download

You can get the new version by going to the official Apache website; in the download section you will find the link to the new version.

The link is this one.
