Resolves: RHEL-45806 - mod_http2: DoS by null pointer in websocket
over HTTP/2 (CVE-2024-36387)
This commit is contained in:
parent
2c7cd439c5
commit
c11e410c28
17
mod_http2-2.0.26-CVE-2024-36387.patch
Normal file
17
mod_http2-2.0.26-CVE-2024-36387.patch
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
--- a/mod_http2/h2_c2.c 2024/06/24 17:34:59 1918556
|
||||||
|
+++ b/mod_http2/h2_c2.c 2024/06/24 17:51:42 1918557
|
||||||
|
@@ -370,6 +370,13 @@
|
||||||
|
h2_conn_ctx_t *conn_ctx = h2_conn_ctx_get(f->c);
|
||||||
|
apr_status_t rv;
|
||||||
|
|
||||||
|
+ if (bb == NULL) {
|
||||||
|
+#if !AP_MODULE_MAGIC_AT_LEAST(20180720, 1)
|
||||||
|
+ f->c->data_in_output_filters = 0;
|
||||||
|
+#endif
|
||||||
|
+ return APR_SUCCESS;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
ap_assert(conn_ctx);
|
||||||
|
#if AP_HAS_RESPONSE_BUCKETS
|
||||||
|
if (!conn_ctx->has_final_response) {
|
||||||
|
|
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
Name: mod_http2
|
Name: mod_http2
|
||||||
Version: 2.0.26
|
Version: 2.0.26
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
Summary: module implementing HTTP/2 for Apache 2
|
Summary: module implementing HTTP/2 for Apache 2
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: https://icing.github.io/mod_h2/
|
URL: https://icing.github.io/mod_h2/
|
||||||
@ -14,6 +14,8 @@ Source0: https://github.com/icing/mod_h2/releases/download/v%{version}/mod_http2
|
|||||||
#
|
#
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2268277
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2268277
|
||||||
Patch100: mod_http2-2.0.26-CVE-2024-27316.patch
|
Patch100: mod_http2-2.0.26-CVE-2024-27316.patch
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2295006
|
||||||
|
Patch101: mod_http2-2.0.26-CVE-2024-36387.patch
|
||||||
|
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
@ -53,6 +55,10 @@ echo "LoadModule proxy_http2_module modules/mod_proxy_http2.so" > %{buildroot}%{
|
|||||||
%{_httpd_moddir}/mod_proxy_http2.so
|
%{_httpd_moddir}/mod_proxy_http2.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jul 09 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.0.26-3
|
||||||
|
- Resolves: RHEL-45806 - mod_http2: DoS by null pointer in websocket
|
||||||
|
over HTTP/2 (CVE-2024-36387)
|
||||||
|
|
||||||
* Fri Apr 05 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.0.26-2
|
* Fri Apr 05 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.0.26-2
|
||||||
- Resolves: RHEL-31855 - mod_http2: httpd: CONTINUATION frames
|
- Resolves: RHEL-31855 - mod_http2: httpd: CONTINUATION frames
|
||||||
DoS (CVE-2024-27316)
|
DoS (CVE-2024-27316)
|
||||||
|
Loading…
Reference in New Issue
Block a user