aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Bernd Kuhls <bernd.kuhls@t-online.de>2017-07-11 20:25:26 +0200
committerGravatar Peter Korsgaard <peter@korsgaard.com>2017-07-19 16:06:41 +0200
commite233dc7e0bc59c3fc78ff02bac9b261126e2696c (patch)
tree1b63262afc4ac0ae2733df2bc9e95011e56fe6fa
parent6e23252d6389c277a6238c1f262d6fef5073e272 (diff)
downloadbuildroot-e233dc7e0bc59c3fc78ff02bac9b261126e2696c.tar.gz
buildroot-e233dc7e0bc59c3fc78ff02bac9b261126e2696c.tar.bz2
package/apache: security bump to version 2.4.27
Fixes the following security issues: CVE-2017-9788 - Uninitialized memory reflection in mod_auth_digest The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments. by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault. CVE-2017-9789 - Read after free in mod_http2 When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. Announcement: http://www.apache.org/dist/httpd/Announcement2.4.html Release notes: http://www.apache.org/dist/httpd/CHANGES_2.4.27 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit cf9b7cedac14de7cf5650589bf4c37635b5438a9) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-rw-r--r--package/apache/apache.hash4
-rw-r--r--package/apache/apache.mk2
2 files changed, 3 insertions, 3 deletions
diff --git a/package/apache/apache.hash b/package/apache/apache.hash
index fe7174a4d2..f29ae45187 100644
--- a/package/apache/apache.hash
+++ b/package/apache/apache.hash
@@ -1,2 +1,2 @@
-# From http://www.apache.org/dist/httpd/httpd-2.4.26.tar.bz2.sha256
-sha256 a07eb52fafc879e0149d31882f7da63173e72df4478db4dc69f7a775b663d387 httpd-2.4.26.tar.bz2
+# From http://www.apache.org/dist/httpd/httpd-2.4.27.tar.bz2.sha256
+sha256 71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a httpd-2.4.27.tar.bz2
diff --git a/package/apache/apache.mk b/package/apache/apache.mk
index b276b8d493..857e538346 100644
--- a/package/apache/apache.mk
+++ b/package/apache/apache.mk
@@ -4,7 +4,7 @@
#
################################################################################
-APACHE_VERSION = 2.4.26
+APACHE_VERSION = 2.4.27
APACHE_SOURCE = httpd-$(APACHE_VERSION).tar.bz2
APACHE_SITE = http://archive.apache.org/dist/httpd
APACHE_LICENSE = Apache-2.0