From f2a56f60e45370e0ab641c7ad3a1cdb139f4826b Mon Sep 17 00:00:00 2001 From: yanggao Date: Thu, 9 Mar 2023 11:12:27 +0800 Subject: [PATCH] =?UTF-8?q?CVE-2022-36760=20=E5=AE=89=E5=85=A8=E6=9B=B4?= =?UTF-8?q?=E6=96=B0=EF=BC=9AApache=20HTTP=20Server=20=E7=8E=AF=E5=A2=83?= =?UTF-8?q?=E9=97=AE=E9=A2=98=E6=BC=8F=E6=B4=9E.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- debian/changelog | 6 ++++++ modules/proxy/mod_proxy_ajp.c | 2 ++ 2 files changed, 8 insertions(+) diff --git a/debian/changelog b/debian/changelog index c025420..fac177d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +apache2 (2.4.54-ok3) yangtze; urgency=medium + + * dong-hantao CVE-2022-36760 安全更新:Apache HTTP Server 环境问题漏洞. + + -- donghantao Thu, 09 Mar 2023 11:11:51 +0800 + apache2 (2.4.54-ok2) yangtze; urgency=medium * mrmoney1 CVE-2006-20001 安全更新:Apache HTTP Sever一些版本的缓冲区错误漏洞. diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c index 226ad9b..1449aca 100644 --- a/modules/proxy/mod_proxy_ajp.c +++ b/modules/proxy/mod_proxy_ajp.c @@ -257,6 +257,8 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10396) "%s Transfer-Encoding is not supported", tenc); + /* We had a failure: Close connection to backend */ + conn->close = 1; return HTTP_INTERNAL_SERVER_ERROR; } } else { -- Gitee