Opened Jun 29, 2017 by Alicha CH (@alicha, Reporter)

[3.7] apache2: Several vulnerabilities (CVE-2017-3167, CVE-2017-3169, CVE-2017-7659, CVE-2017-7668, CVE-2017-7679)

CVE-2017-3167: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party
modules outside of the authentication phase may lead to authentication requirements being bypassed.

References:

https://httpd.apache.org/security/vulnerabilities_24.html

CVE-2017-3169: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when
third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

References:

https://httpd.apache.org/security/vulnerabilities_24.html

CVE-2017-7659: mod_http2 null pointer dereference

Affects: 2.4.25

Fixed in: 2.4.26.

References:

http://www.openwall.com/lists/oss-security/2017/06/19/5
https://httpd.apache.org/security/vulnerabilities_24.html

CVE-2017-7668: ap_find_token() buffer overread

Affects: 2.4.25

Fixed in: 2.4.26

References:

https://httpd.apache.org/security/vulnerabilities_24.html

CVE-2017-7679: mod_mime Buffer Overread

Affects: 2.4.25

Fixed in: 2.4.26

References:

https://httpd.apache.org/security/vulnerabilities_24.html

(from redmine: issue id 7463, created on 2017-06-29, closed on 2017-07-11)

  • Relations:
    • parent #7462 (closed)
  • Changesets:
    • Revision c930c29f by Kaarle Ritvanen on 2017-07-06T11:26:18Z:
main/apache2: security upgrade to 2.4.26

fixes #7463

Milestone: 3.7.0
Reference: alpine/aports#7463