• version update to 2.4.50
  • security update (CVE-2021-41524 + CVE-2021-33193)

How to install

sudo dnf upgrade --advisory=FEDORA-2021-5d2d4b6ac5

This update has been submitted for testing by luhliarik.

2 weeks ago

This update's test gating status has been changed to 'ignored'.

2 weeks ago

This update's test gating status has been changed to 'waiting'.

2 weeks ago

This update's test gating status has been changed to 'ignored'.

2 weeks ago
User Icon vwbusguy commented & provided feedback 2 weeks ago
karma

Applied to my Nextcloud server and verified that it all seems to basically be working including http/2 and a mod_proxy service.

BZ#1996514 CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy [fedora-all]
BZ#2010554 httpd-2.4.50 is available
BZ#2010935 CVE-2021-41524 httpd: NULL pointer dereference via crafted request during HTTP/2 request processing [fedora-all]
User Icon vwbusguy commented & provided feedback 2 weeks ago

FYI, this update also seems to address CVE-2021-41773 : https://bugzilla.redhat.com/show_bug.cgi?id=2010758

User Icon imabug provided feedback 2 weeks ago
karma
User Icon ibims provided feedback 2 weeks ago
karma

This update has been pushed to testing.

2 weeks ago

This update has been submitted for stable by bodhi.

2 weeks ago

This update's test gating status has been changed to 'passed'.

2 weeks ago
User Icon dowdle commented & provided feedback 2 weeks ago
karma

Worked for me on 5 systems.

This update has been pushed to stable.

2 weeks ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
4
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
2 weeks ago
in testing
2 weeks ago
in stable
2 weeks ago
BZ#1996514 CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy [fedora-all]
0
0
BZ#2010554 httpd-2.4.50 is available
0
0
BZ#2010935 CVE-2021-41524 httpd: NULL pointer dereference via crafted request during HTTP/2 request processing [fedora-all]
0
0

Automated Test Results

Test Cases

0 0 Test Case HTTPd