Resolves: RHEL-45806 - mod_http2: DoS by null pointer in websocket
over HTTP/2 (CVE-2024-36387)
This commit is contained in:
parent
2c7cd439c5
commit
c11e410c28
17
mod_http2-2.0.26-CVE-2024-36387.patch
Normal file
17
mod_http2-2.0.26-CVE-2024-36387.patch
Normal file
@ -0,0 +1,17 @@
|
||||
--- a/mod_http2/h2_c2.c 2024/06/24 17:34:59 1918556
|
||||
+++ b/mod_http2/h2_c2.c 2024/06/24 17:51:42 1918557
|
||||
@@ -370,6 +370,13 @@
|
||||
h2_conn_ctx_t *conn_ctx = h2_conn_ctx_get(f->c);
|
||||
apr_status_t rv;
|
||||
|
||||
+ if (bb == NULL) {
|
||||
+#if !AP_MODULE_MAGIC_AT_LEAST(20180720, 1)
|
||||
+ f->c->data_in_output_filters = 0;
|
||||
+#endif
|
||||
+ return APR_SUCCESS;
|
||||
+ }
|
||||
+
|
||||
ap_assert(conn_ctx);
|
||||
#if AP_HAS_RESPONSE_BUCKETS
|
||||
if (!conn_ctx->has_final_response) {
|
||||
|
@ -3,7 +3,7 @@
|
||||
|
||||
Name: mod_http2
|
||||
Version: 2.0.26
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Summary: module implementing HTTP/2 for Apache 2
|
||||
License: ASL 2.0
|
||||
URL: https://icing.github.io/mod_h2/
|
||||
@ -14,6 +14,8 @@ Source0: https://github.com/icing/mod_h2/releases/download/v%{version}/mod_http2
|
||||
#
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2268277
|
||||
Patch100: mod_http2-2.0.26-CVE-2024-27316.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2295006
|
||||
Patch101: mod_http2-2.0.26-CVE-2024-36387.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc
|
||||
@ -53,6 +55,10 @@ echo "LoadModule proxy_http2_module modules/mod_proxy_http2.so" > %{buildroot}%{
|
||||
%{_httpd_moddir}/mod_proxy_http2.so
|
||||
|
||||
%changelog
|
||||
* Tue Jul 09 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.0.26-3
|
||||
- Resolves: RHEL-45806 - mod_http2: DoS by null pointer in websocket
|
||||
over HTTP/2 (CVE-2024-36387)
|
||||
|
||||
* Fri Apr 05 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.0.26-2
|
||||
- Resolves: RHEL-31855 - mod_http2: httpd: CONTINUATION frames
|
||||
DoS (CVE-2024-27316)
|
||||
|
Loading…
Reference in New Issue
Block a user