MGASA-2022-0105

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2022-0105.html

Import Source

https://advisories.mageia.org/MGASA-2022-0105.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2022-0105

Related

Published

2022-03-21T20:18:30Z

Modified

2022-03-21T19:30:29Z

Summary

Updated apache packages fix security vulnerability

Details

SECURITY: CVE-2022-23943: modsed: Read/write beyond bounds. Out-of-bounds Write vulnerability in modsed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. Credits: Ronald Crane (Zippenhop LLC)

SECURITY: CVE-2022-22721: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. Credits: Anonymous working with Trend Micro Zero Day Initiative

SECURITY: CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling Credits: James Kettle <james.kettle portswigger.net>

SECURITY: CVE-2022-22719: mod_lua Use of uninitialized value of in r:parsebody A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. Credits: Chamal De Silva

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / apache

Package

Name: apache
Purl: pkg:rpm/mageia/apache?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.53-1.mga8

Ecosystem specific

{
    "section": "core"
}