- up to 2.4.46;Fixes:

  *) SECURITY: CVE-2020-11984 (cve.mitre.org)
     mod_proxy_uwsgi: Malicious request may result in information
     disclosure or RCE of existing file on the server running under a malicious
     process environment. [Yann Ylavic]

  *) SECURITY: CVE-2020-11993 (cve.mitre.org)
     mod_http2: when throttling connection requests, log statements
     where possibly made that result in concurrent, unsafe use of
     a memory pool. [Stefan Eissing]

  *) SECURITY:
     mod_http2: a specially crafted value for the 'Cache-Digest' header
     request would result in a crash when the server actually tries
     to HTTP/2 PUSH a resource afterwards.
     [Stefen Eissing, Eric Covener, Christophe Jaillet]

diff --git a/apache.spec b/apache.spec
index 3b57effd5b48dd8576ab1c48fb218feaaf3a85d8..335c6bd6bad21a5b7957fd4e4aef979d8b5f101f 100644 (file)
--- a/apache.spec
+++ b/apache.spec
@@ -33,12 +33,12 @@ Summary(pt_BR.UTF-8):       Servidor HTTPD para prover serviços WWW
 Summary(ru.UTF-8):     Самый популярный веб-сервер
 Summary(tr.UTF-8):     Lider WWW tarayıcı
 Name:          apache
-Version:       2.4.43
+Version:       2.4.46
 Release:       1
 License:       Apache v2.0
 Group:         Networking/Daemons/HTTP
 Source0:       http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
-# Source0-md5: 791c986b1e70fe61eb44060aacc89a64
+# Source0-md5: 7d661ea5e736dac5e2761d9f49fe8361
 Source1:       %{name}.init
 Source2:       %{name}.logrotate
 Source3:       %{name}.sysconfig