Bug 29791 - apache new security issues CVE-2021-44224 and CVE-2021-44790
Summary: apache new security issues CVE-2021-44224 and CVE-2021-44790
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
: 29792 (view as bug list)
Depends on:
Blocks:
 
Reported: 2021-12-20 17:02 CET by David Walser
Modified: 2021-12-22 00:28 CET (History)
4 users (show)

See Also:
Source RPM: apache-2.4.51-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-12-20 17:02:04 CET 
Apache has announced version 2.4.52 today (December 20):
https://downloads.apache.org/httpd/Announcement2.4.html

It fixes two security issues:
https://downloads.apache.org/httpd/CHANGES_2.4.52
https://httpd.apache.org/security/vulnerabilities_24.html

Update already built by Thomas.

apache-2.4.52-1.mga8
apache-devel-2.4.52-1.mga8
apache-mod_proxy-2.4.52-1.mga8
apache-mod_http2-2.4.52-1.mga8
apache-mod_ssl-2.4.52-1.mga8
apache-mod_dav-2.4.52-1.mga8
apache-mod_cache-2.4.52-1.mga8
apache-mod_ldap-2.4.52-1.mga8
apache-mod_session-2.4.52-1.mga8
apache-mod_dbd-2.4.52-1.mga8
apache-mod_proxy_html-2.4.52-1.mga8
apache-htcacheclean-2.4.52-1.mga8
apache-mod_suexec-2.4.52-1.mga8
apache-mod_brotli-2.4.52-1.mga8
apache-mod_userdir-2.4.52-1.mga8
apache-doc-2.4.52-1.mga8

from apache-2.4.52-1.mga8.src.rpm
David Walser 2021-12-20 17:02:21 CET

CC: (none) => tmb

Comment 1 Thomas Backlund 2021-12-20 17:04:34 CET 
*** Bug 29792 has been marked as a duplicate of this bug. ***
Comment 2 Herman Viaene 2021-12-21 14:08:06 CET 
MGA8-64 Plasma on Lenovo B50 in Dutch
Before installation:
]# systemctl -l status httpd
● httpd.service - The Apache HTTP Server
     Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
     Active: inactive (dead)
No installation issues, ref bug 29536 for testing.
Thereafter:
# systemctl start httpd
[root@mach5 ~]# systemctl -l status httpd
● httpd.service - The Apache HTTP Server
     Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
     Active: active (running) since Tue 2021-12-21 13:59:12 CET; 4s ago
   Main PID: 6798 (/usr/sbin/httpd)
     Status: "Processing requests..."
      Tasks: 11 (limit: 9396)
     Memory: 44.5M
        CPU: 231ms
     CGroup: /system.slice/httpd.service
             ├─6798 /usr/sbin/httpd -DFOREGROUND
             ├─6801 /usr/sbin/httpd -DFOREGROUND
             ├─6803 /usr/sbin/httpd -DFOREGROUND
             ├─6805 /usr/sbin/httpd -DFOREGROUND
             ├─6807 /usr/sbin/httpd -DFOREGROUND
             └─6809 /usr/sbin/httpd -DFOREGROUND

dec 21 13:59:12 mach5.hviaene.thuis systemd[1]: Starting The Apache HTTP Server...
dec 21 13:59:12 mach5.hviaene.thuis systemd[1]: Started The Apache HTTP Server.
Point browser to localhost: It works!
Access to phpMyAdmin works OK.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 3 Thomas Andrews 2021-12-21 16:23:29 CET 
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2021-12-21 23:34:15 CET

Keywords: (none) => advisory

Comment 4 Mageia Robot 2021-12-22 00:28:58 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0577.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.