Reviewed-by: Michael Tremer

> On 23 Dec 2021, at 17:32, Matthias Fischer wrote:
>
> Signed-off-by: Matthias Fischer
>
> For details see:
> https://dlcdn.apache.org//httpd/CHANGES_2.4.52
>
> Excerpt from changelog:
>
> ""Changes with Apache 2.4.52
>
>   *) SECURITY: CVE-2021-44790: Possible buffer overflow when parsing
>      multipart content in mod_lua of Apache HTTP Server 2.4.51 and
>      earlier (cve.mitre.org)
>      A carefully crafted request body can cause a buffer overflow in
>      the mod_lua multipart parser (r:parsebody() called from Lua
>      scripts).
>      The Apache httpd team is not aware of an exploit for the
>      vulnerability though it might be possible to craft one.
>      This issue affects Apache HTTP Server 2.4.51 and earlier.
>      Credits: Chamal
>
>   *) SECURITY: CVE-2021-44224: Possible NULL dereference or SSRF in
>      forward proxy configurations in Apache HTTP Server 2.4.51 and
>      earlier (cve.mitre.org)
>      A crafted URI sent to httpd configured as a forward proxy
>      (ProxyRequests on) can cause a crash (NULL pointer dereference)
>      or, for configurations mixing forward and reverse proxy
>      declarations, can allow for requests to be directed to a
>      declared Unix Domain Socket endpoint (Server Side Request
>      Forgery).
>      This issue affects Apache HTTP Server 2.4.7 up to 2.4.51
>      (included).
>      Credits: 漂亮鼠
>      TengMA(@Te3t123)
> ..."
> --- > config/rootfiles/common/apache2 | 2 ++ > lfs/apache2 | 4 ++-- > 2 files changed, 4 insertions(+), 2 deletions(-) > > diff --git a/config/rootfiles/common/apache2 b/config/rootfiles/common/apache2 > index 8442446df..b6e83ab9d 100644 > --- a/config/rootfiles/common/apache2 > +++ b/config/rootfiles/common/apache2
> @@ -1080,6 +1080,8 @@ srv/web/ipfire/html/captive > #srv/web/ipfire/manual/mod/mod_systemd.html > #srv/web/ipfire/manual/mod/mod_systemd.html.en > #srv/web/ipfire/manual/mod/mod_systemd.html.fr.utf8 > +#srv/web/ipfire/manual/mod/mod_tls.html > +#srv/web/ipfire/manual/mod/mod_tls.html.en > #srv/web/ipfire/manual/mod/mod_unique_id.html > #srv/web/ipfire/manual/mod/mod_unique_id.html.en > #srv/web/ipfire/manual/mod/mod_unique_id.html.fr.utf8 > diff --git a/lfs/apache2 b/lfs/apache2 > index b4064cee0..226058a22 100644 > --- a/lfs/apache2 > +++ b/lfs/apache2 > @@ -25,7 +25,7 @@ > > include Config > > -VER = 2.4.51 > +VER = 2.4.52 > > THISAPP = httpd-$(VER) > DL_FILE = $(THISAPP).tar.bz2 > @@ -45,7 +45,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_MD5 = d2793fc1c8cb8ba355cee877d1f2d46d > +$(DL_FILE)_MD5 = a94ae42b84309d5ef6e613ae825b92fa > > install : $(TARGET) > > -- > 2.18.0 >
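Review bot: The two `mod_tls.html` entries added in config/rootfiles/common/apache2 are not mentioned in the commit message, which only quotes the security part of the changelog. Please add a line explaining that this update brings new mod_tls manual pages, and confirm that the rootfile comparison showed no other new files (for example a module binary) that would need an uncommented entry. Keeping the two lines commented out is consistent with the neighbouring manual entries.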
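Review bot: In the last hunk of lfs/apache2 the tarball is still pinned only by `$(DL_FILE)_MD5`. MD5 is not collision resistant, so for an update that exists because of two security fixes the new value should be cross-checked against the SHA256/SHA512 digest or PGP signature that upstream publishes for httpd-2.4.52.tar.bz2 before this is merged, and a stronger digest would be preferable in this file if the build system accepts one.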