ELBA-2025-5309

Опубликовано: 09 июн. 2025

Источник: oracle-oval

Платформа: Oracle Linux 10

Описание

ELBA-2025-5309: mod_proxy_cluster bug fix and enhancement update (MODERATE)

[1.3.21-1]

Resolves: RHEL-76000 Rebase mod_proxy_cluster to upstream 1.3.21.Final release

[0:1.3.20-1.1]

Bump release for October 2024 mass rebuild: Resolves: RHEL-64018

[1.3.20-1]

Rebase mod_proxy_cluster to upstream 1.3.20.Final tag
Related: RHEL-55407 - Rebase mod_proxy_cluster to upstream 1.3.20.Final release

[1.3.19-1.2]

Bump release for June 2024 mass rebuild

[1.3.19-1.1]

Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

[1.3.19-1]

First build

Обновленные пакеты

Oracle Linux 10

Oracle Linux aarch64

mod_proxy_cluster

1.3.21-1.el10

Oracle Linux x86_64

mod_proxy_cluster

1.3.21-1.el10

Связанные CVE

CVE-2024-10306

Ссылки на источники

Связанные уязвимости

CVE-2024-10306

CVSS3: 5.4

redhat

5 месяцев назад

A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic.