gentoo auto-resync : 14:08:2022 - 02:24:58

author: V3n3RiX <venerix@koprulu.sector> 2022-08-14 02:24:58 +0100
committer: V3n3RiX <venerix@koprulu.sector> 2022-08-14 02:24:58 +0100
commit: 77a57b2d524e4149890d25e1ea50f776d6551b19 (patch)
tree: 9b2440d7038cb57a8b8e0a1f51857645e1708f26 /metadata/glsa/glsa-202208-20.xml
parent: f817af8fa591ddb17425660fe57f02775fe68b00 (diff)
1 files changed, 78 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-202208-20.xml b/metadata/glsa/glsa-202208-20.xml
new file mode 100644
index 000000000000..58744f5a5bc0
--- /dev/null
+++ b/metadata/glsa/glsa-202208-20.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202208-20">
+    <title>Apache HTTPD: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution.</synopsis>
+    <product type="ebuild">apache,apache-tools</product>
+    <announced>2022-08-14</announced>
+    <revised count="1">2022-08-14</revised>
+    <bug>813429</bug>
+    <bug>816399</bug>
+    <bug>816864</bug>
+    <bug>829722</bug>
+    <bug>835131</bug>
+    <bug>850622</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-admin/apache-tools" auto="yes" arch="*">
+            <unaffected range="ge">2.4.54</unaffected>
+            <vulnerable range="lt">2.4.54</vulnerable>
+        </package>
+        <package name="www-servers/apache" auto="yes" arch="*">
+            <unaffected range="ge">2.4.54</unaffected>
+            <vulnerable range="lt">2.4.54</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>The Apache HTTP server is one of the most popular web servers on the Internet.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Apache HTTPD users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"
+        </code>
+        
+        <p>All Apache HTTPD tools users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33193">CVE-2021-33193</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-34798">CVE-2021-34798</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36160">CVE-2021-36160</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39275">CVE-2021-39275</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40438">CVE-2021-40438</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41524">CVE-2021-41524</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41773">CVE-2021-41773</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42013">CVE-2021-42013</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44224">CVE-2021-44224</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44790">CVE-2021-44790</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22719">CVE-2022-22719</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22720">CVE-2022-22720</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22721">CVE-2022-22721</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23943">CVE-2022-23943</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26377">CVE-2022-26377</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28614">CVE-2022-28614</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28615">CVE-2022-28615</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29404">CVE-2022-29404</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30522">CVE-2022-30522</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30556">CVE-2022-30556</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31813">CVE-2022-31813</uri>
+    </references>
+    <metadata tag="requester" timestamp="2022-08-14T00:09:33.469438Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2022-08-14T00:09:33.474207Z">ajak</metadata>
+</glsa>
+\ No newline at end of file
author	V3n3RiX <venerix@koprulu.sector>	2022-08-14 02:24:58 +0100
committer	V3n3RiX <venerix@koprulu.sector>	2022-08-14 02:24:58 +0100
commit	77a57b2d524e4149890d25e1ea50f776d6551b19 (patch)
tree	9b2440d7038cb57a8b8e0a1f51857645e1708f26 /metadata/glsa/glsa-202208-20.xml
parent	f817af8fa591ddb17425660fe57f02775fe68b00 (diff)