Comment 3 for bug 1960765

OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/834214
Committed: https://opendev.org/starlingx/tools/commit/fc00096e8beb10f96ae0d33d3d0008d929c5f124
Submitter: "Zuul (22348)"
Branch: master

commit fc00096e8beb10f96ae0d33d3d0008d929c5f124
Author: Joe Slater <email address hidden>
Date: Thu Mar 17 14:27:32 2022 -0400

    httpd: fix three CVEs

    CVE-2021-26691: heap overflow
    CVE-2021-39275: out-of-bounds-write
    CVE-2021-44790: buffer overflow

    Advance to version 2.4.6-97.el7.centos.

    === testing
    boot iso and log in; become root; httpd is not running

     systemctl stop lighttpd # free up port 80
     systemctl start httpd # takes a while
     echo arf > /var/www/html/arf.txt # something to fetch
     wget http://localhost/arf.txt
     cat arf.txt

    This shows httpd is processing requests.
    ===

    Closes-bug: 1960765
    Signed-off-by: Joe Slater <email address hidden>
    Change-Id: Idcff71fe505a187e7bcfaea7a8818233a4ef76ac