diff options
| author | Peter Simons <simons@cryp.to> | 2019-04-02 09:46:25 +0200 |
|---|---|---|
| committer | Peter Simons <simons@cryp.to> | 2019-04-02 09:46:25 +0200 |
| commit | 2017158b53fefb67d5a02f6d02b72515d107256f (patch) | |
| tree | 0583648c0c4935608781006a461829cc44cabbc7 /pkgs/servers | |
| parent | a01129912f62d2a8be2e1f20bacaf8bfbaaf9e05 (diff) | |
| download | nixpkgs-2017158b53fefb67d5a02f6d02b72515d107256f.tar nixpkgs-2017158b53fefb67d5a02f6d02b72515d107256f.tar.gz nixpkgs-2017158b53fefb67d5a02f6d02b72515d107256f.tar.bz2 nixpkgs-2017158b53fefb67d5a02f6d02b72515d107256f.tar.lz nixpkgs-2017158b53fefb67d5a02f6d02b72515d107256f.tar.xz nixpkgs-2017158b53fefb67d5a02f6d02b72515d107256f.tar.zst nixpkgs-2017158b53fefb67d5a02f6d02b72515d107256f.zip | |
apache-httpd: 2.4.38 -> 2.4.39 (CVE-2019-0211)
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard.
Diffstat (limited to 'pkgs/servers')
| -rw-r--r-- | pkgs/servers/http/apache-httpd/2.4.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/pkgs/servers/http/apache-httpd/2.4.nix b/pkgs/servers/http/apache-httpd/2.4.nix index 64e57f64236..5933a71e515 100644 --- a/pkgs/servers/http/apache-httpd/2.4.nix +++ b/pkgs/servers/http/apache-httpd/2.4.nix @@ -16,12 +16,12 @@ assert ldapSupport -> aprutil.ldapSupport && openldap != null; assert http2Support -> nghttp2 != null; stdenv.mkDerivation rec { - version = "2.4.38"; + version = "2.4.39"; name = "apache-httpd-${version}"; src = fetchurl { url = "mirror://apache/httpd/httpd-${version}.tar.bz2"; - sha256 = "0jiriyyf3pm6axf4mrz6c2z08yhs21hb4d23viq87jclm5bmiikx"; + sha256 = "18ngvsjq65qxk3biggnkhkq8jlll9dsg9n3csra9p99sfw2rvjml"; }; # FIXME: -dev depends on -doc |