操作系统--麒麟信安操作系统,国产操作系统,麒麟信安云桌面——麒麟信安官网

公告ID (KylinSec-SA-2023-1244)

摘要:

httpd security update

安全等级: High

公告ID: KylinSec-SA-2023-1244

发布日期: 2023年3月17日

关联CVE: CVE-2023-27522 CVE-2023-25690

详细介绍

1. 漏洞描述

Apache HTTP Server是一个功能强大且灵活的HTTP/1.1兼容web服务器。

2. 影响范围

cve名称	产品	组件	是否受影响
CVE-2023-27522	KY3.4-4A	httpd	Fixed
CVE-2023-27522	KY3.4-5A	httpd	Fixed
CVE-2023-27522	KY3.5.1	httpd	Fixed
CVE-2023-27522	KY3.5.2	httpd	Fixed
CVE-2023-25690	KY3.4-4A	httpd	Fixed
CVE-2023-25690	KY3.4-5A	httpd	Fixed
CVE-2023-25690	KY3.5.1	httpd	Fixed
CVE-2023-25690	KY3.5.2	httpd	Fixed

3. 影响组件

httpd

4. 修复版本

KY3.5.1

软件名称	架构	版本号
httpd-help	noarch	2.4.51-15.kb1.ky3_5
httpd-filesystem	noarch	2.4.51-15.kb1.ky3_5
mod_proxy_html	x86_64	2.4.51-15.kb1.ky3_5
httpd-devel	x86_64	2.4.51-15.kb1.ky3_5
httpd	x86_64	2.4.51-15.kb1.ky3_5
mod_ssl	x86_64	2.4.51-15.kb1.ky3_5
mod_session	x86_64	2.4.51-15.kb1.ky3_5
mod_md	x86_64	2.4.51-15.kb1.ky3_5
mod_ldap	x86_64	2.4.51-15.kb1.ky3_5
httpd-tools	x86_64	2.4.51-15.kb1.ky3_5
httpd-tools	aarch64	2.4.51-15.kb1.ky3_5
mod_ssl	aarch64	2.4.51-15.kb1.ky3_5
mod_proxy_html	aarch64	2.4.51-15.kb1.ky3_5
mod_ldap	aarch64	2.4.51-15.kb1.ky3_5
mod_md	aarch64	2.4.51-15.kb1.ky3_5
httpd	aarch64	2.4.51-15.kb1.ky3_5
httpd-devel	aarch64	2.4.51-15.kb1.ky3_5
mod_session	aarch64	2.4.51-15.kb1.ky3_5

KY3.4-4A

软件名称	架构	版本号
httpd-filesystem	noarch	2.4.43-21.kb1.ky3_4
httpd-help	noarch	2.4.43-21.kb1.ky3_4
httpd-tools	x86_64	2.4.43-21.kb1.ky3_4
httpd-devel	x86_64	2.4.43-21.kb1.ky3_4
mod_ssl	x86_64	2.4.43-21.kb1.ky3_4
mod_proxy_html	x86_64	2.4.43-21.kb1.ky3_4
mod_session	x86_64	2.4.43-21.kb1.ky3_4
mod_ldap	x86_64	2.4.43-21.kb1.ky3_4
httpd	x86_64	2.4.43-21.kb1.ky3_4
mod_md	x86_64	2.4.43-21.kb1.ky3_4
mod_md	aarch64	2.4.43-21.kb1.ky3_4
httpd-devel	aarch64	2.4.43-21.kb1.ky3_4
mod_session	aarch64	2.4.43-21.kb1.ky3_4
mod_ssl	aarch64	2.4.43-21.kb1.ky3_4
httpd-tools	aarch64	2.4.43-21.kb1.ky3_4
mod_ldap	aarch64	2.4.43-21.kb1.ky3_4
httpd	aarch64	2.4.43-21.kb1.ky3_4
mod_proxy_html	aarch64	2.4.43-21.kb1.ky3_4

KY3.4-5A

软件名称	架构	版本号
httpd-help	noarch	2.4.43-21.kb1.ky3_4
httpd-filesystem	noarch	2.4.43-21.kb1.ky3_4
mod_proxy_html	x86_64	2.4.43-21.kb1.ky3_4
httpd	x86_64	2.4.43-21.kb1.ky3_4
httpd-tools	x86_64	2.4.43-21.kb1.ky3_4
mod_ldap	x86_64	2.4.43-21.kb1.ky3_4
mod_session	x86_64	2.4.43-21.kb1.ky3_4
mod_md	x86_64	2.4.43-21.kb1.ky3_4
mod_ssl	x86_64	2.4.43-21.kb1.ky3_4
httpd-devel	x86_64	2.4.43-21.kb1.ky3_4
mod_md	aarch64	2.4.43-21.kb1.ky3_4
httpd	aarch64	2.4.43-21.kb1.ky3_4
httpd-devel	aarch64	2.4.43-21.kb1.ky3_4
httpd-tools	aarch64	2.4.43-21.kb1.ky3_4
mod_ldap	aarch64	2.4.43-21.kb1.ky3_4
mod_proxy_html	aarch64	2.4.43-21.kb1.ky3_4
mod_session	aarch64	2.4.43-21.kb1.ky3_4
mod_ssl	aarch64	2.4.43-21.kb1.ky3_4

KY3.5.2

软件名称	架构	版本号
httpd-filesystem	noarch	2.4.51-15.ky3_5.kb4
httpd-help	noarch	2.4.51-15.ky3_5.kb4
mod_md	x86_64	2.4.51-15.ky3_5.kb4
httpd-devel	x86_64	2.4.51-15.ky3_5.kb4
mod_session	x86_64	2.4.51-15.ky3_5.kb4
httpd	x86_64	2.4.51-15.ky3_5.kb4
mod_ldap	x86_64	2.4.51-15.ky3_5.kb4
mod_proxy_html	x86_64	2.4.51-15.ky3_5.kb4
mod_ssl	x86_64	2.4.51-15.ky3_5.kb4
httpd-tools	x86_64	2.4.51-15.ky3_5.kb4
mod_proxy_html	aarch64	2.4.51-20.ky3_5.kb1
mod_md	aarch64	2.4.51-20.ky3_5.kb1
mod_ssl	aarch64	2.4.51-20.ky3_5.kb1
httpd-devel	aarch64	2.4.51-20.ky3_5.kb1
mod_session	aarch64	2.4.51-20.ky3_5.kb1
mod_ldap	aarch64	2.4.51-20.ky3_5.kb1
httpd-tools	aarch64	2.4.51-20.ky3_5.kb1
httpd	aarch64	2.4.51-20.ky3_5.kb1

5. 修复方法

方法一：下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存，如 xxx.rpm
2、通过rpm命令升级，如 rpm -Uvh xxx.rpm

方法二：通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包，如 yum install 包名

6. 下载链接

KY3.5.1:

x86_64:

httpd-filesystem

aarch64:

httpd-filesystem

KY3.4-4A:

x86_64:

httpd-filesystem

aarch64:

httpd-filesystem

KY3.4-5A:

x86_64:

httpd-filesystem

aarch64:

httpd-filesystem

KY3.5.2:

x86_64:

httpd-filesystem

aarch64:

httpd-filesystem

上一篇:KylinSec-SA-2023-1222 下一篇:KylinSec-SA-2023-1726

产品中心

解决方案

技术支持

生态与合作

分支机构

全国统一服务热线

400-012-6606

微信公众号

Copyright © 湖南麒麟信安科技股份有限公司版权所有备案号：湘ICP备16010502号-1

技术支持：蒲公英长沙网站建设