Advisories » MGASA-2020-0166

Updated apache packages fix security vulnerabilities

Publication date: 15 Apr 2020
Modification date: 15 Apr 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-XXXX

Description

Updated apache packages fix security vulnerabilities:

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with
mod_rewrite that were intended to be self-referential might be fooled
by encoded newlines and redirect instead to an an unexpected URL within
the request URL (CVE-2020-1927).

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized
memory when proxying to a malicious FTP server (CVE-2020-1934).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26418
• https://www.apache.org/dist/httpd/CHANGES_2.4.43
• https://httpd.apache.org/security/vulnerabilities_24.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-XXXX

SRPMS

7/core

• apache-2.4.43-1.mga7