system environment/daemons

mod_md - Managing domains across virtual hosts, certificate provisioning via the ACME protocol

Website: http://httpd.apache.org/
License: ASL 2.0
Vendor: AnNyung Packaging Team
Description:
The mod_session module manages domains across virtual hosts,
implementing the Let's Encrypt ACMEv1 protocol to sign up for and renew
certificates. Please read the module's documentation for further
instructions on how to use it.

Packages

mod_md-2.4.57-1.an3.x86_64 [155 KiB] Changelog by JoungKyun.Kim (2023-08-26):
- update 2.4.57
  see also https://downloads.apache.org/httpd/CHANGES_2.4.57
- security issues
  . CVE-2023-27522: mod_proxy_uwsgi HTTP response splitting
  . CVE-2023-25690: mod_rewrite, mod_proxy HTTP request splitting
mod_md-2.4.55-1.an3.x86_64 [154 KiB] Changelog by JoungKyun.Kim (2023-02-08):
- update 2.4.55
  see also https://downloads.apache.org/httpd/CHANGES_2.4.55
- security issues
  . CVE-2022-37436: mod_proxy allows a backend to trigger HTTP response splitting
  . CVE-2022-36760: mod_proxy_ajp Possible request smuggling
  . CVE-2006-20001: mod_dav out of bounds read, or write of zero byte
mod_md-2.4.54-1.an3.x86_64 [153 KiB] Changelog by JoungKyun.Kim (2022-08-27):
- update 2.4.54
  see also https://downloads.apache.org/httpd/CHANGES_2.4.54
- security issues
  . CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism
  . CVE-2022-30556: Information Disclosure in mod_lua with websockets
  . CVE-2022-30522: mod_sed denial of service
  . CVE-2022-29404: Denial of service in mod_lua r:parsebody
  . CVE-2022-28615: Read beyond bounds in ap_strcmp_match()
  . CVE-2022-28614: read beyond bounds via ap_rwrite()
  . CVE-2022-28330: read beyond bounds in mod_isapi
  . CVE-2022-26377: mod_proxy_ajp: Possible request smuggling
mod_md-2.4.53-1.an3.x86_64 [147 KiB] Changelog by JoungKyun.Kim (2022-03-25):
- update 2.4.53
  see also https://downloads.apache.org/httpd/CHANGES_2.4.53
- security issues
  . CVE-2022-22719 lua: uninitialized value of in r:parsebody
  . CVE-2022-22720 HTTP request smuggling vulnerability
  . CVE-2022-22721 core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
  . CVE-2022-23943 sed: Read/write beyond bounds
mod_md-2.4.52-1.an3.x86_64 [147 KiB] Changelog by JoungKyun.Kim (2021-12-29):
- update 2.5.52
  see also https://downloads.apache.org/httpd/CHANGES_2.4.52
- security issues
  . CVE-2021-44790 lua: Possible buffer overflow when parsing multipart content
  . CVE-2021-44224 proxy: Possible NULL dereference or SSRF in forward proxy configurations
mod_md-2.4.51-1.an3.x86_64 [144 KiB] Changelog by JoungKyun.Kim (2021-10-13):
- update 2.4.51
  see also https://downloads.apache.org/httpd/CHANGES_2.4.50
  see also https://downloads.apache.org/httpd/CHANGES_2.4.51
- security issues
  . CVE-2021-42013 core: Path traversal and file disclosure vulnerability
  . CVE-2021-41773 core: Path traversal and file disclosure vulnerability
  . CVE-2021-41524 core: null pointer dereference in h2 fuzzing
mod_md-2.4.49-1.an3.x86_64 [143 KiB] Changelog by JoungKyun.Kim (2021-10-03):
- update 2.4.49
  see also https://downloads.apache.org/httpd/CHANGES_2.4.49
- security issues
  . CVE-2021-34798 core: null pointer dereference on malformed request
  . CVE-2021-39275 core: ap_escape_quotes buffer overflow
  . CVE-2021-33193 mod_http2: Request splitting vulnerability with mod_proxy
  . CVE-2021-40438 mod_proxy: Server Side Request Forgery (SSRF) vulnerability
  . CVE-2021-36160 mod_proxy_uwsgi: Out of bound read vulnerability
mod_md-2.4.48-1.an3.x86_64 [142 KiB] Changelog by JoungKyun.Kim (2021-07-22):
- update 2.4.48
  see also https://downloads.apache.org/httpd/CHANGES_2.4.46
- security issues
  . CVE-2021-31618
  . CVE-2021-30641
  . CVE-2020-35452
  . CVE-2021-26691
  . CVE-2021-26690
  . CVE-2020-13950
  . CVE-2020-13938
  . CVE-2019-17567
mod_md-2.4.46-1.an3.x86_64 [135 KiB] Changelog by JoungKyun.Kim (2020-08-17):
- update 2.4.46
  see also https://downloads.apache.org/httpd/CHANGES_2.4.44
  see also https://downloads.apache.org/httpd/CHANGES_2.4.45
  see also https://downloads.apache.org/httpd/CHANGES_2.4.46
- security issues
  . CVE-2020-11984
  . CVE-2020-11993
mod_md-2.4.43-1.an3.x86_64 [135 KiB] Changelog by JoungKyun.Kim (2020-04-06):
- update 2.4.43
  see also https://downloads.apache.org/httpd/CHANGES_2.4.43
- security issues
  . CVE-2020-1934
  . CVE-2020-1927
mod_md-2.4.41-1.an3.x86_64 [118 KiB] Changelog by JoungKyun.Kim (2019-08-24):
- update 2.4.41
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.41
- security issues
  . CVE-2019-10081 mod_http2
  . CVE-2019-9517  mod_http2
  . CVE-2019-10098 rewrite
  . CVE-2019-10092
  . CVE-2019-10097 mod_remoteip
  . CVE-2019-10082 mod_http2
mod_md-2.4.39-1.an3.x86_64 [99 KiB] Changelog by JoungKyun.Kim (2019-05-13):
- update 2.4.39
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.36
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.37
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.38
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.39
- support TLS 1.3
- security issues
  . CVE-2019-0197 mod_http2
  . CVE-2019-0196 mod_http2
  . CVE-2019-0211 MPM
  . CVE-2019-0217 mod_auth_digest
  . CVE-2019-0215 mod_ssl
  . CVE-2019-0190 mod_ssl
  . CVE-2019-0220 Merge consecutive slashes in URLs. Opt-out with `MergeSlashes OFF`
  . CVE-2018-17199 mod_session_cookie
  . CVE-2018-17189 mod_http2
mod_md-2.4.37-1.an3.x86_64 [103 KiB] Changelog by JoungKyun.Kim (2018-12-10):
- update 2.4.37
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.37
mod_md-2.4.35-1.an3.x86_64 [102 KiB] Changelog by JoungKyun.Kim (2018-10-13):
- update 2.4.35
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.35
mod_md-2.4.34-1.an3.x86_64 [102 KiB] Changelog by JoungKyun.Kim (2018-08-19):
- update 2.4.34
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.34
- security issues
  . CVE-2018-8011 mod_md
    DoS via Coredumps on specially crafted requests
  . CVE-2018-1333 mod_http2
    DoS for HTTP/2 connections by specially crafted requests
mod_md-2.4.33-1.an3.x86_64 [102 KiB] Changelog by JoungKyun.Kim (2018-04-08):
- update 2.4.33
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.33
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.32
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.29
- add mod_md module
- security issues
  . CVE-2017-15710 mod_authnz_ldap:
    Out of bound write with AuthLDAPCharsetConfig enabled
  . CVE-2017-15715 core:
    Configure the regular expression engine to match '$' to the end of
    the input string only, excluding matching the end of any embedded 
    newline characters. Behavior can be changed with new directive 
    'RegexDefaultOptions'.
  . CVE-2018-1283 mod_session:
    CGI-like applications that intend to read from mod_session's 
    'SessionEnv ON' could be fooled into reading user-supplied data instead.
  . CVE-2018-1301 core:
    Possible crash with excessively long HTTP request headers. 
    Impractical to exploit with a production build and production LogLevel.
  . CVE-2018-1302 mod_http2: Potential crash w/ mod_http2
  . CVE-2018-1303 mod_cache_socache:
    Fix request headers parsing to avoid a possible crash
    with specially crafted input data.
  . CVE-2018-1312 mod_auth_digest:
    Fix generation of nonce values to prevent replay
    attacks across servers using a common Digest domain. This change
    may cause problems if used with round robin load balancers.

Listing created by Repoview-0.6.6-4.el7