ELBA-2024-8839
- ULN >
- Oracle Linux Errata repository >
- ELBA-2024-8839
ELBA-2024-8839 - httpd:2.4 bug fix and enhancement update
| Type: | BUG |
| Severity: | NA |
| Release Date: | 2024-11-05 |
Description
httpd
[2.4.37-65.2.0.1]
- Replace index.html with Oracle's index page oracle_index.html
[2.4.37-65.2]
- Resolves: RHEL-46040 - httpd:2.4/httpd: Security issues via backend
applications whose response headers are malicious or exploitable (CVE-2024-38476)
- Resolves: RHEL-53022 - Regression introduced by CVE-2024-38474 fix
[2.4.37-65.1]
- Resolves: RHEL-45812 - httpd:2.4/httpd: Substitution encoding issue
in mod_rewrite (CVE-2024-38474)
- Resolves: RHEL-45785 - httpd:2.4/httpd: Encoding problem in
mod_proxy (CVE-2024-38473)
- Resolves: RHEL-45777 - httpd:2.4/httpd: Improper escaping of output
in mod_rewrite (CVE-2024-38475)
- Resolves: RHEL-45758 - httpd:2.4/httpd: null pointer dereference
in mod_proxy (CVE-2024-38477)
- Resolves: RHEL-45743 - httpd:2.4/httpd: Potential SSRF
in mod_rewrite (CVE-2024-39573)
mod_http2
[1.15.7-10.1]
- Resolves: RHEL-46214 - Access logs and ErrorDocument don't work when HTTP431
occurs using http/2 on RHEL8
mod_md
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory | Channel Label |
| Oracle Linux 8 (aarch64) | httpd-2.4.37-65.0.1.module+el8.10.0+90430+1ba508be.2.src.rpm | c954a02755d70b034554c68b2acd483a | - | ol8_aarch64_appstream |
| mod_http2-1.15.7-10.module+el8.10.0+90430+1ba508be.1.src.rpm | ea80607a8ac19faa903cedf9ad7bec4c | - | ol8_aarch64_appstream | |
| mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.src.rpm | 57baf2f70c9de0a1ab3a4a39fb97b4a0 | - | ol8_aarch64_appstream | |
| httpd-2.4.37-65.0.1.module+el8.10.0+90430+1ba508be.2.aarch64.rpm | e14f5092fa196e33396a643c04bdd5ad | - | ol8_aarch64_appstream | |
| httpd-devel-2.4.37-65.0.1.module+el8.10.0+90430+1ba508be.2.aarch64.rpm | 9b96be161f936ff112464e45e039c20c | - | ol8_aarch64_appstream | |
| httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90430+1ba508be.2.noarch.rpm | 6f3854ef0c07492f735f581e44cbcff3 | - | ol8_aarch64_appstream | |
| httpd-manual-2.4.37-65.0.1.module+el8.10.0+90430+1ba508be.2.noarch.rpm | 9598c668403c999baa6261b2aa2b1b10 | - | ol8_aarch64_appstream | |
| httpd-tools-2.4.37-65.0.1.module+el8.10.0+90430+1ba508be.2.aarch64.rpm | f905de612bedb6601af07517313a3c59 | - | ol8_aarch64_appstream | |
| mod_http2-1.15.7-10.module+el8.10.0+90430+1ba508be.1.aarch64.rpm | 48405ff7cc1efbd08ea7c2201b07109c | - | ol8_aarch64_appstream | |
| mod_ldap-2.4.37-65.0.1.module+el8.10.0+90430+1ba508be.2.aarch64.rpm | 3f770d1f39179bd2870b562c46d464da | - | ol8_aarch64_appstream | |
| mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.aarch64.rpm | e0cdd2c7bbe8ba7cf3614b973dd7eb66 | - | ol8_aarch64_appstream | |
| mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90430+1ba508be.2.aarch64.rpm | d6ec7c0a11ff2bfeb5c2a5b49d3b26d7 | - | ol8_aarch64_appstream | |
| mod_session-2.4.37-65.0.1.module+el8.10.0+90430+1ba508be.2.aarch64.rpm | 6556dbcfbb3644848d30d5976b140f9a | - | ol8_aarch64_appstream | |
| mod_ssl-2.4.37-65.0.1.module+el8.10.0+90430+1ba508be.2.aarch64.rpm | 510bb11e72f19d6b2ab828fb1d236658 | - | ol8_aarch64_appstream | |
| Oracle Linux 8 (x86_64) | httpd-2.4.37-65.0.1.module+el8.10.0+90430+1ba508be.2.src.rpm | c954a02755d70b034554c68b2acd483a | - | ol8_x86_64_appstream |
| mod_http2-1.15.7-10.module+el8.10.0+90430+1ba508be.1.src.rpm | ea80607a8ac19faa903cedf9ad7bec4c | - | ol8_x86_64_appstream | |
| mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.src.rpm | 57baf2f70c9de0a1ab3a4a39fb97b4a0 | - | ol8_x86_64_appstream | |
| httpd-2.4.37-65.0.1.module+el8.10.0+90430+1ba508be.2.x86_64.rpm | 1573c578b917761ff9383af768600059 | - | ol8_x86_64_appstream | |
| httpd-devel-2.4.37-65.0.1.module+el8.10.0+90430+1ba508be.2.x86_64.rpm | ba7868d8a967e8381f6709c08c0db5a1 | - | ol8_x86_64_appstream | |
| httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90430+1ba508be.2.noarch.rpm | 6f3854ef0c07492f735f581e44cbcff3 | - | ol8_x86_64_appstream | |
| httpd-manual-2.4.37-65.0.1.module+el8.10.0+90430+1ba508be.2.noarch.rpm | 9598c668403c999baa6261b2aa2b1b10 | - | ol8_x86_64_appstream | |
| httpd-tools-2.4.37-65.0.1.module+el8.10.0+90430+1ba508be.2.x86_64.rpm | 8361281c392c68293e5a526e54c807e9 | - | ol8_x86_64_appstream | |
| mod_http2-1.15.7-10.module+el8.10.0+90430+1ba508be.1.x86_64.rpm | 5cb8ea58d3017d4737f244afcc4ed220 | - | ol8_x86_64_appstream | |
| mod_ldap-2.4.37-65.0.1.module+el8.10.0+90430+1ba508be.2.x86_64.rpm | 2aa61e3c186fc8614ff161bc3f526c4a | - | ol8_x86_64_appstream | |
| mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.x86_64.rpm | 50f77dc288425f1cdee5d05760c7dccb | - | ol8_x86_64_appstream | |
| mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90430+1ba508be.2.x86_64.rpm | d4a8f9c090fb1fd71e6ad27e52cc1f93 | - | ol8_x86_64_appstream | |
| mod_session-2.4.37-65.0.1.module+el8.10.0+90430+1ba508be.2.x86_64.rpm | 9cd9f498cf15cd66a9df6cc2868b349c | - | ol8_x86_64_appstream | |
| mod_ssl-2.4.37-65.0.1.module+el8.10.0+90430+1ba508be.2.x86_64.rpm | 0db6c60daad38d505805aa09354954eb | - | ol8_x86_64_appstream | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
