2021-08-21
ALT-BU-2021-4135-1
Branch p10 update bulletin.
Closed vulnerabilities
Published: 2021-03-01
BDU:2021-03678
Уязвимость веб-сервера Apache HTTP Server, связанная с переполнением кучи, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2021-06-10
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-26691
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://httpd.apache.org/security/vulnerabilities_24.html
- http://httpd.apache.org/security/vulnerabilities_24.html
- [oss-security] 20210609 CVE-2021-26691: Apache httpd: mod_session response handling heap overflow
- [oss-security] 20210609 CVE-2021-26691: Apache httpd: mod_session response handling heap overflow
- [httpd-announce] 20210609 CVE-2021-26691: mod_session response handling heap overflow
- [httpd-announce] 20210609 CVE-2021-26691: mod_session response handling heap overflow
- [httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json
- [httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json
- https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E
- [debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update
- [debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update
- FEDORA-2021-dce7e7738e
- FEDORA-2021-dce7e7738e
- FEDORA-2021-e3f6dd670d
- FEDORA-2021-e3f6dd670d
- GLSA-202107-38
- GLSA-202107-38
- https://security.netapp.com/advisory/ntap-20210702-0001/
- https://security.netapp.com/advisory/ntap-20210702-0001/
- DSA-4937
- DSA-4937
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
Closed vulnerabilities
Published: 2021-07-30
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-37601
muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
- [oss-security] 20210728 Re: Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE-2021-37601)
- [oss-security] 20210728 Re: Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE-2021-37601)
- FEDORA-2021-fe9513e089
- FEDORA-2021-fe9513e089
- FEDORA-2021-1d574ae400
- FEDORA-2021-1d574ae400
- https://prosody.im/
- https://prosody.im/
- https://prosody.im/security/advisory_20210722/
- https://prosody.im/security/advisory_20210722/
Package jakarta-interceptors updated to version 2.0.0-alt1_3jpp11 for branch p10 in task 282811.
Closed bugs
Файловый конфликт с geronimo-interceptor