Key vulnerability information

Vulnerability overview

Type/Severity: Security Advisory, Moderate
Topic: Security update, available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Description: The module is a plugin for the Apache HTTP Server that provides load-balancing functionality. It is affected by an unauthorized MCMP requests vulnerability (CVE-2024-10306).

Affected products

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
Red Hat Enterprise Linux Server - AUS 9.4 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x

Solution

Reference: https://access.redhat.com/articles/11258

Fixes

BZ - 2321302: CVE-2024-10306 mod_proxy_cluster: mod_proxy_cluster unauthorized MCMP requests
RHEL-95378: Rebase mod_proxy_cluster to upstream 1.3.22 Final release

CVEs

CVE-2024-10306

References

https://access.redhat.com/security/updates/classification/#moderate