Amazon Linux 1 Security Advisory: ALAS-2021-1514
Advisory Release Date: 2021-07-08 18:38 Pacific
Advisory Updated Date: 2021-07-12 21:50 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections. (CVE-2019-17567)
A flaw was found in HTTPd. In some Apache HTTP Server versions, unprivileged local users can stop HTTPd on Windows. The highest threat from this vulnerability is to system availability. (CVE-2020-13938)
A flaw was found In Apache httpd. The mod_proxy has a NULL pointer dereference. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-13950)
A flaw was found in Apache httpd. The mod_auth_digest has a single zero byte stack overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-35452)
A NULL pointer dereference was found in Apache httpd mod_session. The highest threat from this vulnerability is to system availability. (CVE-2021-26690)
A heap overflow flaw was found In Apache httpd mod_session. The highest threat from this vulnerability is to system availability. (CVE-2021-26691)
A flaw was found in Apache httpd. A possible regression from an earlier security fix broke behavior of MergeSlashes. The highest threat from this vulnerability is to data integrity. (CVE-2021-30641)
Affected Packages:
httpd24
Issue Correction:
Run yum update httpd24 to update your system.
i686:
mod24_session-2.4.48-1.92.amzn1.i686
mod24_ssl-2.4.48-1.92.amzn1.i686
mod24_proxy_html-2.4.48-1.92.amzn1.i686
mod24_md-2.4.48-1.92.amzn1.i686
httpd24-devel-2.4.48-1.92.amzn1.i686
httpd24-2.4.48-1.92.amzn1.i686
httpd24-tools-2.4.48-1.92.amzn1.i686
httpd24-debuginfo-2.4.48-1.92.amzn1.i686
mod24_ldap-2.4.48-1.92.amzn1.i686
noarch:
httpd24-manual-2.4.48-1.92.amzn1.noarch
src:
httpd24-2.4.48-1.92.amzn1.src
x86_64:
mod24_proxy_html-2.4.48-1.92.amzn1.x86_64
mod24_ldap-2.4.48-1.92.amzn1.x86_64
httpd24-devel-2.4.48-1.92.amzn1.x86_64
httpd24-2.4.48-1.92.amzn1.x86_64
httpd24-tools-2.4.48-1.92.amzn1.x86_64
httpd24-debuginfo-2.4.48-1.92.amzn1.x86_64
mod24_md-2.4.48-1.92.amzn1.x86_64
mod24_session-2.4.48-1.92.amzn1.x86_64
mod24_ssl-2.4.48-1.92.amzn1.x86_64