In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. Reference: https://httpd.apache.org/security/vulnerabilities_24.html
Created httpd tracking bugs for this issue: Affects: fedora-all [bug 1820776]
External References: https://httpd.apache.org/security/vulnerabilities_24.html
Upstream patch: https://svn.apache.org/viewvc?view=revision&revision=1873745
Statement: This flaw is caused by use of an uninitialized memory variable. Practically this has no impact, but in some corner cases it is possible that the contents of this variable could be read by a remote process, causing loss of confidentiality as a result of this. There is no evidence of code execution.
This issue has been addressed in the following products: JBoss Core Services on RHEL 6, JBoss Core Services on RHEL 7 Via RHSA-2020:2644 https://access.redhat.com/errata/RHSA-2020:2644
This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2020:2646 https://access.redhat.com/errata/RHSA-2020:2646
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-1934
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3958 https://access.redhat.com/errata/RHSA-2020:3958
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4751 https://access.redhat.com/errata/RHSA-2020:4751
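A defender-side triage check for the range given in the description at the top of this bug (httpd 2.4.0 to 2.4.41 with mod_proxy_ftp), added here as an example and not part of the bug report or the httpd project. The function names, result labels and sample inputs are constructed for illustration; it assumes the `Server version: Apache/x.y.z` banner printed by `httpd -v` and the module list printed by `httpd -M`.

```shell
#!/bin/sh
# Added example. Function names and result labels are hypothetical.
# Range and module come from the description: httpd 2.4.0 to 2.4.41, mod_proxy_ftp.

# Succeeds when VERSION lies in the upstream affected range 2.4.0 .. 2.4.41.
in_affected_range() {
    case "$1" in
        2.4.*) ;;
        *) return 1 ;;
    esac
    patch=${1#2.4.}
    case "$patch" in
        ''|*[!0-9]*) return 1 ;;    # patch level must be purely numeric
    esac
    [ "$patch" -le 41 ]
}

# classify BANNER MODULES
#   BANNER  : text printed by `httpd -v`
#   MODULES : text printed by `httpd -M` (loaded modules)
classify() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's|^Server version: Apache/\([0-9][0-9.]*\).*|\1|p' | head -n 1)
    if [ -z "$ver" ]; then
        echo "unknown-version"
    elif ! in_affected_range "$ver"; then
        echo "outside-affected-range"
    elif printf '%s\n' "$2" | grep -q 'proxy_ftp_module'; then
        # A vendor package can carry the fix as a backport without changing
        # this version number, so confirm against the errata before acting.
        echo "in-range-proxy-ftp-loaded"
    else
        echo "in-range-proxy-ftp-not-loaded"
    fi
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_BANNER='Server version: Apache/2.4.37 (Red Hat Enterprise Linux)
Server built:   Jan  1 2020 00:00:00'
SAMPLE_MODULES=' proxy_module (shared)
 proxy_ftp_module (shared)'

classify "$SAMPLE_BANNER" "$SAMPLE_MODULES"
# On a live host: classify "$(httpd -v)" "$(httpd -M 2>/dev/null)"
```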