Resolves: RHEL-175074 - httpd:2.4/httpd: NULL pointer dereference can
cause a child process crash (CVE-2026-33007)
parent
9dc3c4f021
commit
8bb28bf05d
18
httpd-2.4.37-CVE-2026-33007.patch
Normal file
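--- /dev/null
+++ b/httpd-2.4.37-CVE-2026-33007.patch
@@ -0,0 +1,18 @@
+diff --git a/modules/aaa/mod_authn_socache.c b/modules/aaa/mod_authn_socache.c
+index 550bc66..9b921b8 100644
+--- a/modules/aaa/mod_authn_socache.c
++++ b/modules/aaa/mod_authn_socache.c
+@@ -266,11 +266,10 @@ static const command_rec authn_cache_cmds[] =
+static const char *construct_key(request_rec *r, const char *context,
+const char *user, const char *realm)
+{
++ const char *slash = ap_strrchr_c(r->uri, '/');
+/* handle "special" context values */
+- if (!strcmp(context, directory)) {
+- /* FIXME: are we at risk of this blowing up? */
++ if (!strcmp(context, directory) && slash) {
+char *new_context;
+- char *slash = strrchr(r->uri, '/');
+new_context = apr_palloc(r->pool, slash - r->uri +
+strlen(r->server->server_hostname) + 1);
+strcpy(new_context, r->server->server_hostname);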
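Review bot: When `r->uri` contains no '/', the new `&& slash` guard in construct_key skips the directory rewrite without choosing a replacement context, and nothing in the hunk says which cache key is built in that case. The rest of the function is outside the hunk, but if the remaining branches treat any other value as a literal context, every slash-less request would share one key scope instead of a per-directory one, which weakens the separation of cached credentials between locations. A comment on the guard would make the intended fallback reviewable, for example `/* no '/' in r->uri: skip the directory rewrite; context is used as given below */`, or the case could be mapped explicitly to the server hostname. The patch also drops the FIXME above the `apr_palloc` call without stating why `slash - r->uri + strlen(r->server->server_hostname) + 1` bytes are enough; the copy that fills the buffer past the hostname is not visible here, so that sizing deserves a sentence as well.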
@ -301,6 +301,8 @@ Patch253: httpd-2.4.37-CVE-2025-65082.patch
|
||||
Patch254: httpd-2.4.37-CVE-2025-58098.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2466913
|
||||
Patch255: httpd-2.4.37-CVE-2026-28780.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2465299
|
||||
Patch256: httpd-2.4.37-CVE-2026-33007.patch
|
||||
|
||||
License: ASL 2.0
|
||||
Group: System Environment/Daemons
|
||||
@ -546,6 +548,7 @@ interface for storing and accessing per-user session data.
|
||||
%patch253 -p1 -b .CVE-2025-65082
|
||||
%patch254 -p1 -b .CVE-2025-58098
|
||||
%patch255 -p1 -b .CVE-2026-28780
|
||||
%patch256 -p1 -b .CVE-2026-33007
|
||||
|
||||
%patch96 -p1 -b .r1922080
|
||||
|
||||
@ -1060,6 +1063,8 @@ rm -rf $RPM_BUILD_ROOT
|
||||
* Tue May 12 2026 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-65.8
|
||||
- Resolves: RHEL-173558 - httpd:2.4/httpd: Apache HTTP Server mod_proxy_ajp:
|
||||
Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780)
|
||||
- Resolves: RHEL-175074 - httpd:2.4/httpd: NULL pointer dereference can
|
||||
cause a child process crash (CVE-2026-33007)
|
||||
|
||||
* Fri Dec 12 2025 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-65.7
|
||||
- Resolves: RHEL-135054 - httpd: Apache HTTP Server: mod_userdir+suexec bypass
|
||||
|
||||