The new version of Apache 2.4.43 has already been released, and it comes with improvements to modules and more

A few days ago the Apache Software Foundation announced the release of the new version of the HTTP server, "Apache 2.4.43", which brings 34 changes and 3 fixed vulnerabilities, in addition to providing a series of improvements over version 2.2.

Those who are not familiar with Apache should know that it is an open source HTTP web server, available for Unix platforms (BSD, GNU/Linux, etc.), Microsoft Windows, Macintosh and others.

What's new in Apache 2.4.43?

This new version of the server is considered important because it marks the end of life of the 2.2x branch. It is based on and extends the Apache 2.2 API, and modules written for Apache 2.2 will have to be rebuilt in order to work with Apache 2.4.

Among the main changes that stand out in this version is the addition of a new module, "mod_systemd", which provides integration with the systemd system manager and allows httpd to be used in services of type "Type=notify".

In addition, the capabilities of the mod_md module, developed by the Let's Encrypt project to automate obtaining and maintaining certificates using the ACME protocol (Automatic Certificate Management Environment), have been extended.

Among the changes to modules, we find that for mod_authn_socache the limit on the size of the cached line has been increased from 100 to 256.

In mod_ssl, the TLS protocol is negotiated together with virtual hosts (compatible with builds against OpenSSL-1.1.1+).

mod_ssl added support for using OpenSSL ENGINE private keys and certificates when a PKCS#11 URI is specified in SSLCertificateFile/KeyFile.

mod_proxy_hcheck added support for the %{Content-Type} mask in check expressions.

CookieSameSite, CookieHTTPOnly and CookieSecure modes were added to mod_usertrack to configure usertrack cookie processing.

mod_proxy_ajp, for proxy handlers, implements the "secret" parameter to support the deprecated AJP13 protocol.

For commands defined in the MDMessageCmd directive, a call with the "installed" argument is made when a new certificate is activated after a server restart (for example, it can be used to copy or convert the new certificate for other applications).

The MDContactEmail directive has been added, through which you can specify a contact email that does not overlap with the data in the ServerAdmin directive.

Among the other changes that stand out in this version:

  • Cross-compilation support has been added to apxs.
  • For all virtual hosts, support is provided for the protocol used when negotiating a secure communication channel ("tls-alpn-01").
  • mod_md directives are allowed in blocks and .
  • Previous settings are replaced when MDCAChallenges is used again.
  • Added the ability to set the URL for the CTLog Monitor.
  • Added a configuration set for OpenWRT.
  • Testing is carried out using the Travis CI continuous integration system.
  • Transfer-Encoding headers are parsed.
  • Thanks to the use of hashing for command tables, restarting in "graceful" mode has been sped up (without interrupting the request handlers in use).
  • The tables r:headers_in_table, r:headers_out_table, r:err_headers_out_table, r:notes_table and r:subprocess_env_table were added to mod_lua, available in read-only mode. Tables are allowed to be set to nil.

As for the bugs fixed in this new version:

  • CVE-2020-1927: a vulnerability in mod_rewrite that allows the server to be used to forward requests to other resources (open redirect). Some mod_rewrite configurations can take the user to another link that is encoded using a line feed character inside the parameter used in the existing redirect.
  • CVE-2020-1934: a vulnerability in mod_proxy_ftp. The use of uninitialized values can cause a memory leak when requests are sent to an FTP server controlled by an attacker.
  • A memory leak in mod_ssl that occurs when OCSP requests are combined.
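
A defender-side check for the CVE-2020-1927 behaviour described above, as an added example that is not part of the original article or of Apache's own code: it scans access-log lines for 3xx responses whose request target contains a percent-encoded line feed or carriage return. The log format (common/combined), the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed Apache common/combined log layout:
# host ident user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so a double-encoded %250a is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_redirects(lines):
    """Return (host, target, status) for 3xx responses whose target held CR/LF."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        status = int(m.group("status"))
        if not 300 <= status < 400:
            continue  # only redirects are relevant to an open-redirect check
        decoded = decode_fully(m.group("target"))
        if "\n" in decoded or "\r" in decoded:
            hits.append((m.group("host"), m.group("target"), status))
    return hits


# Constructed sample lines (documentation addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Apr/2020:10:00:01 +0000] "GET /docs/ HTTP/1.1" 200 5120',
    '192.0.2.11 - - [02/Apr/2020:10:00:05 +0000] "GET /old HTTP/1.1" 301 233',
    '198.51.100.7 - - [02/Apr/2020:10:01:12 +0000] "GET /old%0Apage HTTP/1.1" 302 240',
    '198.51.100.7 - - [02/Apr/2020:10:01:13 +0000] "GET /old%250apage HTTP/1.1" 302 240',
    '203.0.113.4 - - [02/Apr/2020:10:02:00 +0000] "GET /search?q=a%0Ab HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for host, target, status in suspicious_redirects(SAMPLE_LOG):
        print(f"{status} {host} {target}")
```

A hit only shows that a redirect was answered for a target containing an encoded newline; whether the Location header pointed off-site still has to be confirmed against the rewrite rules in place.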

Finally, if you want to know more about this new release, you can check the details at the following link.

Download

You can get the new version by going to the official Apache website, where you will find the link to the new version in the download section.

The link is this.

