critical: httpd security update
moderate
An update for httpd is now available for NewStart CGSL MAIN V6.06.
NewStart Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
httpd: Out-of-bounds write in ap_escape_quotes() via malicious input
httpd: mod_lua: Possible buffer overflow when parsing multipart content
httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling
httpd: mod_http2 concurrent pool usage
httpd: mod_session: NULL pointer dereference when parsing Cookie header
httpd: URL normalization inconsistency
httpd: mod_rewrite potential open redirect
httpd: mod_http2: DoS via slow, unneeded request bodies
Solution:
Remember the build tag is 6.06.02B5.