This update addresses CVE-2021-42013.
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives.
If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2021-2a10bc68a4
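An added example, not part of the advisory or the httpd package: a small Python check for the "require all denied" default that the description above relies on, run against two constructed sample configurations. The names `audit`, `HARDENED` and `EXPOSED` are made up for this illustration, and the check reads only the text it is given: it does not follow Include directives or evaluate more specific `<Directory>` sections.

```python
import re
# Constructed sample configs for illustration (not from a real host); all names are hypothetical.
HARDENED = """
<Directory />
    AllowOverride none
    Require all denied
</Directory>
<Directory "/var/www/html">
    Require all granted
</Directory>
Alias /icons/ "/usr/share/httpd/icons/"
"""
EXPOSED = """
<Directory "/">
    Require all granted
</Directory>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
"""
DIR_OPEN = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>', re.I)
ALIAS = re.compile(r'(ScriptAlias(?:Match)?|Alias(?:Match)?)\s+\S+', re.I)

def audit(conf_text):
    """Report whether the root <Directory> default denies access and which Alias-like directives exist."""
    in_root, root_rules, aliases = False, [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = DIR_OPEN.match(line)
        if m:
            in_root = m.group(1) == "/"          # only the filesystem root section matters here
        elif line.lower().startswith("</directory"):
            in_root = False
        elif in_root and line.lower().startswith("require"):
            root_rules.append(" ".join(line.lower().split()))
        elif ALIAS.match(line):
            aliases.append(line.split()[0].lower())
    root_denied = "require all denied" in root_rules and "require all granted" not in root_rules
    cgi = any(a.startswith("scriptalias") for a in aliases)
    if root_denied:
        exposure = "default-deny in place"
    elif cgi:
        exposure = "files reachable, CGI aliased: code execution possible"
    else:
        exposure = "files outside aliased directories reachable"
    return {"root_denied": root_denied, "aliases": aliases, "exposure": exposure}

if __name__ == "__main__":
    print(audit(HARDENED), audit(EXPOSED), sep="\n")
```

A "default-deny in place" result describes only the mitigating configuration; the update to 2.4.51 is what removes the flaw.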
This update has been submitted for testing by jorton.
This update's test gating status has been changed to 'ignored'.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
This update has been submitted for stable by bodhi.
This update's test gating status has been changed to 'failed'.
FEDORA-2021-2a10bc68a4 ejected from the push because 'Required tests did not pass on this update'
Tested as working in production (http, https, virtual hosts w/ SNI, mod_ssl, ipv4 & ipv6, ssllabs test (A+), logging, mod_security, mod_cloudflare) etc, updated from 2.4.50:
Time : Sa 09 Okt 2021 09:57:14 CEST
Return Code : Success
Releasever: 34
dnf update httpd-2.4.51-1.fc34.x86_64.rpm httpd-filesystem-2.4.51-1.fc34.noarch.rpm httpd-tools-2.4.51-1.fc34.x86_64.rpm mod_ssl-2.4.51-1.fc34.x86_64.rpm mod_lua-2.4.51-1.fc34.x86_64.rpm httpd-devel-2.4.51-1.fc34.x86_64.rpm
This update has been submitted for stable by bodhi.
FEDORA-2021-2a10bc68a4 ejected from the push because 'Required tests did not pass on this update'
Could someone (who knows what's going on with this update) correct this please?
I started the missing test manually. Let's see...
This update's test gating status has been changed to 'passed'.
This update has been submitted for testing by mooninite.
This update's test gating status has been changed to 'ignored'.
This update has been submitted for stable by bodhi.
This update's test gating status has been changed to 'passed'.
This update has been pushed to stable.