system environment/daemons

Jump to letter: [ ABCDEFGHIJLMNOPRSTUVX ]

mod_md - Managing domains across virtual hosts, certificate provisioning via the ACME protocol

Website: http://httpd.apache.org/
License: ASL 2.0
Vendor: AnNyung Packaging Team
Description:
The mod_session module is managing domains across virtual hosts,
implementing the Let's Encrypt ACMEv1 protocol to signup and renew
certificates. Please read the modules documentation for further
instructions on how to use it.

Packages

mod_md-2.4.37-1.an3.x86_64 [103 KiB] Changelog by JoungKyun.Kim (2018-12-10): 
- update 2.4.37
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.37
mod_md-2.4.35-1.an3.x86_64 [102 KiB] Changelog by JoungKyun.Kim (2018-10-13): 
- update 2.4.35
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.35
mod_md-2.4.34-1.an3.x86_64 [102 KiB] Changelog by JoungKyun.Kim (2018-08-19): 
- update 2.4.34
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.34
- security issues
  . CVE-2018-8011 mod_md
    DoS via Coredumps on specially crafted requests
  . CVE-2018-1333 mod_http2
    DoS for HTTP/2 connections by specially crafted requests
mod_md-2.4.33-1.an3.x86_64 [102 KiB] Changelog by JoungKyun.Kim (2018-04-08): 
- update 2.4.33
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.33
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.32
  see also http://www.apache.org/dist/httpd/CHANGES_2.4.29
- add mod_md module
- security issues
  . CVE-2017-15710 mod_authnz_ldap:
    Out of bound write with AuthLDAPCharsetConfig enabled
  . CVE-2017-15715 core:
    Configure the regular expression engine to match '$' to the end of
    the input string only, excluding matching the end of any embedded 
    newline characters. Behavior can be changed with new directive 
    'RegexDefaultOptions'.
  . CVE-2018-1283 mod_session:
    CGI-like applications that intend to read from mod_session's 
    'SessionEnv ON' could be fooled into reading user-supplied data instead.
  . CVE-2018-1301 core:
    Possible crash with excessively long HTTP request headers. 
    Impractical to exploit with a production build and production LogLevel.
  . CVE-2018-1302 mod_http2: Potential crash w/ mod_http2
  . CVE-2018-1303 mod_cache_socache:
    Fix request headers parsing to avoid a possible crash
    with specially crafted input data.
  . CVE-2018-1312 mod_auth_digest:
    Fix generation of nonce values to prevent replay
    attacks across servers using a common Digest domain. This change
    may cause problems if used with round robin load balancers.

Listing created by Repoview-0.6.6-4.el7