This update includes the latest upstream release of Apache httpd, version 2.4.39, including multiple bug and security fixes. To see the full list of changes in this release, see: https://www.apache.org/dist/httpd/CHANGES_2.4.39
The following security vulnerabilities are addressed:
MPMs unix: Fix a local priviledge escalation vulnerability by not
maintaining each child's listener bucket number in the scoreboard,
preventing unprivileged code like scripts run by/on the server (e.g. via
mod_php) from modifying it persistently to abuse the priviledged main
mod_ssl: Fix access control bypass for per-location/per-dir client
certificate verification in TLSv1.3.
mod_auth_digest: Fix a race condition checking user credentials which
could allow a user with valid credentials to impersonate another,
under a threaded MPM.
Merge consecutive slashes in URL's. Opt-out with
sudo dnf upgrade --advisory=FEDORA-2019-a4ed7400f4
Please login to add feedback.
|0||0||Test Case HTTPd|