Apache CVE-2017-7679

headsup

• June 19, 2017 18:24

A security bulletin: CVE-2017-7679: mod_mime buffer overread Severity: Important Versions Affected: httpd 2.2.0 to 2.2.32 httpd 2.4.0 to 2.4.25 Description: mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. Mitigation: 2.2.x users should either apply the patch available at or upgrade in the future to 2.2.33, which is currently unreleased. CVE-2017-3167: ap_get_basic_auth_pw authentication bypass Versions Affected: httpd 2.2.0 to 2.2.32 httpd 2.4.0 to 2.4.25 Description: Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Mitigation: 2.2.x users should either apply the patch available at

• 

  cPanelMichael

  • June 20, 2017 13:42

  Hello, Internal cases EAL-3163 and EA-6437 are open to upgrade Apache to version 2.4.26 in EasyApache versions 3 and 4. You can follow the EA change logs to see when these changes are published: Thank you.

  0
• 

  cPanelMichael

  • June 21, 2017 15:02

  Hello, To update, please see the following thread regarding Apache 2.4.26: Apache 2.4.26 Thank you.

  0

Please sign in to leave a comment.