BDU:2025-08695

Уязвимость функции mod_proxy_http2 веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2025-49630

Published: 2025-07-10
Modified: 2025-07-29

CVE-2025-49630

In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with ProxyPreserveHost set to "on".

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

https://httpd.apache.org/security/vulnerabilities_24.html

Published: 2025-07-10
Modified: 2025-07-29

CVE-2025-53020

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

https://httpd.apache.org/security/vulnerabilities_24.html

Package plots updated to version 0.8.5-alt2.2 for branch sisyphus in task 390543.

plots: ошибка обновления

Package plots updated to version 0.8.5-alt2.3 for branch sisyphus in task 390569.

plots не запускается

Version: 2.1.2

Branch sisyphus update on 2025-07-23

ALT-BU-2025-9563-1

ALT-PU-2025-9532-1

Closed bugs

Bug #55304

ALT-PU-2025-9534-3

Closed bugs

Bug #42373

ALT-PU-2025-9536-1

Closed vulnerabilities

BDU:2025-08695

CVE-2025-49630

CVE-2025-53020

ALT-PU-2025-9542-2

Closed bugs

Bug #55262

ALT-PU-2025-9544-3

Closed bugs

Bug #55045