Security Advisory Details

NS-SA-2021-0036

2021-03-09 14:13:24

Summary

important: libexif/httpd security update

Severity

important

Topic

An update for libexif/httpd is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

libexif: API Documentation for programmers wishing to use libexif in their programs.
httpd: The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.


Security Fix(es):
libexif: In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112537774. (CVE-2019-9278)
libexif: _entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. (CVE-2020-12767)
libexif: An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. (CVE-2020-13113)
libexif: An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. (CVE-2020-13114)
libexif: In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-147140917. (CVE-2020-0182)
libexif: In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-1487051. (CVE-2020-0093)
libexif: A flaw was found in libexif. A possible out of bounds write, due to an integer overflow, could lead to remote code execution if a third-party app used this library to process remote image data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-0452)
libexif: bugfix
httpd: A vulnerability was discovered in Apache httpd, in mod_rewrite. Certain self-referential mod_rewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers. (CVE-2019-10098)
httpd: It has been discovered that the mod_session module of Apache HTTP Server (httpd), through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a "Session" header. (CVE-2018-1283)
httpd: A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bounds read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered low risk since mod_cache_socache is not widely used; mod_cache_disk is not affected by this vulnerability. (CVE-2018-1303)
httpd: In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename. (CVE-2017-15715)
httpd: A flaw was found in Apache HTTP Server (httpd) versions 2.4.0 to 2.4.41. Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirected instead to an unexpected URL within the request URL. (CVE-2020-1927)
httpd: A flaw was found in Apache's HTTP server (httpd). The mod_proxy_ftp module may use uninitialized memory when proxying to a malicious FTP server. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-1934)
httpd: bugfix
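
The `$`-versus-newline behaviour described for CVE-2017-15715, shown with Python's `re` module (whose `$` follows the same rule: it also matches just before a trailing newline), next to a strict `\Z` anchor and an allowlist filename check. This is an added example, not code from NewStart or the Apache project; the function names, the upload policy and the sample filenames are assumptions constructed for illustration.

```python
import os
import re

# Pattern style affected by CVE-2017-15715: without a strict end anchor, '$'
# also matches just before a trailing "\n" (Python's re behaves like PCRE here).
LOOSE_HANDLER = re.compile(r"\.php$")
# Same intent with \Z, which matches only at the very end of the string.
STRICT_HANDLER = re.compile(r"\.php\Z")

# Assumed upload policy for this example: plain ASCII names, allowlisted types.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")
ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif"}


def suffix_blocklist_rejects(name: str) -> bool:
    """External filter that only inspects the trailing portion of the name."""
    return name.lower().endswith(".php")


def loose_handler_matches(name: str) -> bool:
    return LOOSE_HANDLER.search(name) is not None


def strict_handler_matches(name: str) -> bool:
    return STRICT_HANDLER.search(name) is not None


def validate_upload_name(name: str) -> bool:
    """Allowlist check: the whole name must match, so control characters fail."""
    if SAFE_NAME.fullmatch(name) is None:
        return False
    return os.path.splitext(name)[1].lower() in ALLOWED_EXT


def find_filter_gaps(names):
    """Names the suffix blocklist accepts but the loose pattern still matches."""
    return [n for n in names
            if not suffix_blocklist_rejects(n) and loose_handler_matches(n)]


# Constructed sample filenames (not taken from the advisory).
SAMPLES = ["photo.jpg", "report.php", "report.php\n", "photo.jpg\n"]

if __name__ == "__main__":
    for n in SAMPLES:
        print(repr(n), suffix_blocklist_rejects(n), loose_handler_matches(n),
              strict_handler_matches(n), validate_upload_name(n))
    print("gaps:", find_filter_gaps(SAMPLES))
```

Run over upload logs or a test corpus, `find_filter_gaps` lists the names on which a trailing-portion filter and a `$`-anchored pattern disagree; the allowlist check rejects those names outright.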


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F30B3.

Affected Components

  • libexif
  • httpd

Affected Products

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

Updated Packages

CGSL MAIN 5.04

Source: libexif-0.6.22-2.el7_9.src.rpm

  • libexif-0.6.22-2.el7_9.x86_64.rpm
  • libexif-devel-0.6.22-2.el7_9.x86_64.rpm
  • libexif-doc-0.6.22-2.el7_9.x86_64.rpm

Source: httpd-2.4.6-97.el7.centos.src.rpm

  • httpd-2.4.6-97.el7.centos.x86_64.rpm
  • httpd-tools-2.4.6-97.el7.centos.x86_64.rpm
  • mod_ldap-2.4.6-97.el7.centos.x86_64.rpm
  • httpd-manual-2.4.6-97.el7.centos.noarch.rpm
  • mod_proxy_html-2.4.6-97.el7.centos.x86_64.rpm
  • mod_session-2.4.6-97.el7.centos.x86_64.rpm
  • mod_ssl-2.4.6-97.el7.centos.x86_64.rpm
  • httpd-devel-2.4.6-97.el7.centos.x86_64.rpm

CGSL CORE 5.04

Source: libexif-0.6.22-2.el7_9.src.rpm

  • libexif-doc-0.6.22-2.el7_9.x86_64.rpm
  • libexif-0.6.22-2.el7_9.x86_64.rpm
  • libexif-devel-0.6.22-2.el7_9.x86_64.rpm

Source: httpd-2.4.6-97.el7.centos.src.rpm

  • mod_ssl-2.4.6-97.el7.centos.x86_64.rpm
  • mod_ldap-2.4.6-97.el7.centos.x86_64.rpm
  • httpd-devel-2.4.6-97.el7.centos.x86_64.rpm
  • httpd-2.4.6-97.el7.centos.x86_64.rpm
  • mod_session-2.4.6-97.el7.centos.x86_64.rpm
  • httpd-tools-2.4.6-97.el7.centos.x86_64.rpm
  • httpd-manual-2.4.6-97.el7.centos.noarch.rpm
  • mod_proxy_html-2.4.6-97.el7.centos.x86_64.rpm

CVE

References