system environment/daemons

Jump to letter: [ ABCEFGHIJLMNOPRSTUVWXY ]

httpd - Apache HTTP Server

Website: http://httpd.apache.org/
License: ASL 2.0
Vendor: AnNyung Packaging Team
Description:
The Apache HTTP Server is a powerful, efficient, and extensible
web server.

Packages

httpd-2.4.57-1.an3.src [8.5 MiB] Changelog by JoungKyun.Kim (2023-08-26): 
- update 2.4.57
  see also https://downloads.apache.org/httpd/CHANGES_2.4.57
- security issues
  . CVE-2023-27522: mod_proxy_uwsgi HTTP response splitting
  . CVE-2023-25690: mod_rewrite, mod_proxy HTTP request splitting
httpd-2.4.55-1.an3.src [8.5 MiB] Changelog by JoungKyun.Kim (2023-02-08): 
- update 2.4.55
  see also https://downloads.apache.org/httpd/CHANGES_2.4.55
- security issues
  . CVE-2022-37436: mod_proxy allows a backend to trigger HTTP response splitting
  . CVE-2022-36760: mod_proxy_ajp Possible request smuggling
  . CVE-2006-20001: mod_dav out of  bounds read, or write of zero byte
httpd-2.4.54-1.an3.src [8.6 MiB] Changelog by JoungKyun.Kim (2022-08-27): 
- update 2.4.54
  see also https://downloads.apache.org/httpd/CHANGES_2.4.54
- security issues
  . CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism
  . CVE-2022-30556: Information Disclosure in mod_lua with websockets
  . CVE-2022-30522: mod_sed denial of service
  . CVE-2022-29404: Denial of service in mod_lua r:parsebody
  . CVE-2022-28615: Read beyond bounds in ap_strcmp_match()
  . CVE-2022-28614: read beyond bounds via ap_rwrite()
  . CVE-2022-28330: read beyond bounds in mod_isapi
  . CVE-2022-26377: mod_proxy_ajp: Possible request smuggling
httpd-2.4.53-1.an3.src [8.5 MiB] Changelog by JoungKyun.Kim (2022-03-25): 
- update 2.4.53
  see also https://downloads.apache.org/httpd/CHANGES_2.4.53
- security issues
  . CVE-2022-22719 lua: uninitialized value of in r:parsebody
  . CVE-2022-22720 HTTP request smuggling vulnerability
  . CVE-2022-22721 core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
  . CVE-2022-23943 sed: Read/write beyond bounds
httpd-2.4.52-1.an3.src [8.5 MiB] Changelog by JoungKyun.Kim (2021-12-29): 
- update 2.5.52
  see also https://downloads.apache.org/httpd/CHANGES_2.4.52
- security issues
  . CVE-2021-44790 lua: Possible buffer overflow when parsing multipart content
  . CVE-2021-44224 proxy: Possible NULL dereference or SSRF in forward proxy configurations
httpd-2.4.51-1.an3.src [8.7 MiB] Changelog by JoungKyun.Kim (2021-10-13): 
- update 2.4.51
  see also https://downloads.apache.org/httpd/CHANGES_2.4.50
  see also https://downloads.apache.org/httpd/CHANGES_2.4.51
- security isseus
  . CVE-2021-42013 core: Path traversal and file disclosure vulnerability
  . CVE-2021-41773 core: Path traversal and file disclosure vulnerability
  . CVE-2021-41524 core: null pointer dereference in h2 fuzzing
httpd-2.4.49-1.an3.src [8.3 MiB] Changelog by JoungKyun.Kim (2021-10-03): 
- update 2.4.49
  see also https://downloads.apache.org/httpd/CHANGES_2.4.49
- security issues
  . CVE-2021-34798 core: null pointer dereference on malformed request
  . CVE-2021-39275 core: ap_escape_quotes buffer overflow
  . CVE-2021-33193 mod_http2: Request splitting vulnerability with mod_proxy
  . CVE-2021-40438 mod_proxy: Server Side Request Forgery (SSRF) vulnerabilty
  . CVE-2021-36160 mod_proxy_uwsgi: Out of bound read vulnerability
httpd-2.4.48-1.an3.src [8.3 MiB] Changelog by JoungKyun.Kim (2021-07-22): 
- update 2.4.48
  see also https://downloads.apache.org/httpd/CHANGES_2.4.46
- security issues
  . CVE-2021-31618
  . CVE-2021-30641
  . CVE-2020-35452
  . CVE-2021-26691
  . CVE-2021-26690
  . CVE-2020-13950
  . CVE-2020-13938
  . CVE-2019-17567
httpd-2.4.46-1.an3.src [8.3 MiB] Changelog by JoungKyun.Kim (2020-08-17): 
- update 2.4.46
  see also https://downloads.apache.org/httpd/CHANGES_2.4.44
  see also https://downloads.apache.org/httpd/CHANGES_2.4.45
  see also https://downloads.apache.org/httpd/CHANGES_2.4.46
- security issues
  . CVE-2020-11984
  . CVE-2020-11993
httpd-2.4.43-1.an3.src [8.2 MiB] Changelog by JoungKyun.Kim (2020-04-06): 
- update 2.4.43
  see also https://downloads.apache.org/httpd/CHANGES_2.4.43
- security issues
  . CVE-2020-1934
  . CVE-2020-1927
httpd-2.4.41-1.an3.src [8.2 MiB] Changelog by JoungKyun.Kim (2019-08-24): 
- update 2.4.41
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.41
- security issues
  . CVE-2019-10081 mod_http2
  . CVE-2019-9517  mod_http2
  . CVE-2019-10098 rewrite
  . CVE-2019-10092
  . CVE-2019-10097 mod_remoteip
  . CVE-2019-10082 mod_http2
httpd-2.4.39-1.an3.src [8.1 MiB] Changelog by JoungKyun.Kim (2019-05-13): 
- update 2.4.39
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.36
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.37
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.38
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.39
- support TLS 1.3
- security issues
  . CVE-2019-0197 mod_http2
  . CVE-2019-0196 mod_http2
  . CVE-2019-0211 MPM
  . CVE-2019-0217 mod_auth_digest
  . CVE-2019-0215 mod_ssl
  . CVE-2019-0190 mod_ssl
  . CVE-2019-0220 Merge consecutive slashes in URL's. Opt-out with `MergeSlashes OFF`
  . CVE-2018-17199 mod_session_cookie
  . CVE-2018-17189 mod_http2
httpd-2.4.37-1.an3.src [8.1 MiB] Changelog by JoungKyun.Kim (2018-12-10): 
- update 2.4.37
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.37
httpd-2.4.35-1.an3.src [8.1 MiB] Changelog by JoungKyun.Kim (2018-10-13): 
- update 2.4.35
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.35
httpd-2.4.34-1.an3.src [8.0 MiB] Changelog by JoungKyun.Kim (2018-08-19): 
- update 2.4.34
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.34
- security issues
  . CVE-2018-8011 mod_md
    DoS via Coredumps on specially crafted requests
  . CVE-2018-1333 mod_http2
    DoS for HTTP/2 connections by specially crafted requests
httpd-2.4.33-1.an3.src [8.0 MiB] Changelog by JoungKyun.Kim (2018-04-08): 
- update 2.4.33
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.33
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.32
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.29
- add mod_md module
- security issues
  . CVE-2017-15710 mod_authnz_ldap:
    Out of bound write with AuthLDAPCharsetConfig enabled
  . CVE-2017-15715 core:
    Configure the regular expression engine to match '$' to the end of
    the input string only, excluding matching the end of any embedded 
    newline characters. Behavior can be changed with new directive 
    'RegexDefaultOptions'.
  . CVE-2018-1283 mod_session:
    CGI-like applications that intend to read from mod_session's 
    'SessionEnv ON' could be fooled into reading user-supplied data instead.
  . CVE-2018-1301 core:
    Possible crash with excessively long HTTP request headers. 
    Impractical to exploit with a production build and production LogLevel.
  . CVE-2018-1302 mod_http2: Potential crash w/ mod_http2
  . CVE-2018-1303 mod_cache_socache:
    Fix request headers parsing to avoid a possible crash
    with specially crafted input data.
  . CVE-2018-1312 mod_auth_digest:
    Fix generation of nonce values to prevent replay
    attacks across servers using a common Digest domain. This change
    may cause problems if used with round robin load balancers.
httpd-2.4.28-1.an3.src [7.7 MiB] Changelog by JoungKyun.Kim (2017-10-14): 
- update 2.4.28
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.28
- security issues
  . CVE-2017-9798
    Corrupted or freed memory access.
  . PR61382
    mod_http2: Fix for stalling when more than 32KB are written to a suspended stream.
httpd-2.4.27-1.an3.src [7.6 MiB] Changelog by JoungKyun.Kim (2017-07-17): 
- update 2.4.27
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.27
- security issues
  . CVE-2017-7679
  . CVE-2017-7668
  . CVE-2017-7659
  . CVE-2017-3169
  . CVE-2017-3167
httpd-2.4.25-1.an3.src [7.5 MiB] Changelog by JoungKyun.Kim (2017-01-21): 
- update 2.4.25
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.25
- security issues
  . CVE-2016-8740
  . CVE-2016-2161
  . CVE-2016-0736
  . CVE-2016-8743
httpd-2.4.23-2.an3.src [7.5 MiB] Changelog by JoungKyun.Kim (2016-08-25): 
- support package name alias http-ssl, http-ldap, http-proxy-html, http-session
httpd-2.4.23-1.an3.src [7.5 MiB] Changelog by JoungKyun.Kim (2016-07-21): 
- update 2.4.23
- security issues
  . CVE-2016-5387
    The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and
    therefore does not protect applications from the presence of untrusted
    client data in the HTTP_PROXY environment variable, which might allow
    remote attackers to redirect an application's outbound HTTP traffic to an
    arbitrary proxy server via a crafted Proxy header in an HTTP request, aka
    an "httpoxy" issue.
httpd-2.4.18-3.an3.src [6.3 MiB] Changelog by JoungKyun.Kim (2016-02-03): 
- move ssl.conf to httpd-conf package
httpd-2.4.18-2.an3.src [6.3 MiB] Changelog by JoungKyun.Kim (2016-02-01): 
- support ALPN for http2
httpd-2.4.18-1.an3.src [6.3 MiB] Changelog by JoungKyun.Kim (2016-01-14): 
- update 2.4.18
httpd-2.4.17-2.an3.src [6.3 MiB] Changelog by JoungKyun.Kim (2015-12-15): 
- fixed perl dependency problems
httpd-2.4.17-1.an3.src [6.3 MiB] Changelog by JoungKyun.Kim (2015-11-11): 
- update 2.4.17
httpd-2.4.16-1.an3.src [6.3 MiB] Changelog by JoungKyun.Kim (2015-08-31): 
- update 2.4.16
- security issues
  . CVE-2015-3183
  . CVE-2015-3185
  . CVE-2015-0253
  . CVE-2015-0228
httpd-2.4.12-1.an3.src [6.2 MiB] Changelog by JoungKyun.Kim (2015-02-03): 
- update 2.4.12
- add External404Title directive
- fixed broken korean in SSI

Listing created by Repoview-0.6.6-4.el7