From 0807d59d4d04dc3199b7b479808ee9693bb36119 Mon Sep 17 00:00:00 2001
From: Patrick J Volkerding <volkerdi@slackware.com>
Date: Fri, 8 Oct 2021 03:23:28 +0000
Subject: Fri Oct  8 03:23:28 UTC 2021

n/httpd-2.4.51-x86_64-1.txz:  Upgraded.
  SECURITY: CVE-2021-42013: Path Traversal and Remote Code
  Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete
  fix of CVE-2021-41773) (cve.mitre.org)
  It was found that the fix for CVE-2021-41773 in Apache HTTP
  Server 2.4.50 was insufficient.  An attacker could use a path
  traversal attack to map URLs to files outside the directories
  configured by Alias-like directives.
  If files outside of these directories are not protected by the
  usual default configuration "require all denied", these requests
  can succeed. If CGI scripts are also enabled for these aliased
  pathes, this could allow for remote code execution.
  This issue only affects Apache 2.4.49 and Apache 2.4.50 and not
  earlier versions.
  Credits: Reported by Juan Escobar from Dreamlab Technologies,
  Fernando MuA+-oz from NULL Life CTF Team, and Shungo Kumasaka
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42013
  (* Security fix *)
---
 kernels/VERSIONS.TXT | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'kernels')

diff --git a/kernels/VERSIONS.TXT b/kernels/VERSIONS.TXT
index 0dcb39cb0..71d05584e 100644
--- a/kernels/VERSIONS.TXT
+++ b/kernels/VERSIONS.TXT
@@ -1,3 +1,3 @@
 
-These kernels are version 5.14.9.
+These kernels are version 5.14.10.
 
-- 
cgit v1.2.3