ELSA-2014-1972

ELSA-2014-1972 - httpd24-httpd security and bug fix update

Type:	SECURITY
Severity:	LOW
Release Date:	2016-02-04

Description

[2.4.6-22.0.1.el6]
- remove enable-tlsv1x-thunks to fit openssl 1.x api
- replace index.html with Oracle's index page oracle_index.html
- update vstring in specfile

[2.4.6-22]
- Remove mod_proxy_fcgi fix for heap-based buffer overflow,
httpd-2.4.6 is not affected (CVE-2014-3583)

[2.4.6-21]
- mod_proxy_wstunnel: Fix the use of SSL with the 'wss:' scheme (#1141950)

[2.4.6-20]
- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
- mod_proxy_fcgi: fix heap-based buffer overflow (CVE-2014-3583)

[2.4.6-19]
- mod_cgid: add security fix for CVE-2014-0231
- mod_proxy: add security fix for CVE-2014-0117
- mod_deflate: add security fix for CVE-2014-0118
- mod_status: add security fix for CVE-2014-0226
- mod_cache: add secutiry fix for CVE-2013-4352

Related CVEs

CVE-2013-5704

CVE-2014-3581

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory
Oracle Linux 6 (x86_64)	httpd24-httpd-2.4.6-22.0.1.el6.src.rpm	d1648a80b40e98d15f24f6c047bea027	-
	httpd24-httpd-2.4.6-22.0.1.el6.x86_64.rpm	bc789254ba1a4dd804b63f5d17553137	-
	httpd24-httpd-devel-2.4.6-22.0.1.el6.x86_64.rpm	80e2090a4bb4c23eff2d8f4f72a3feea	-
	httpd24-httpd-manual-2.4.6-22.0.1.el6.noarch.rpm	8c7102ef54f1b9e19b975f58ebc88a36	-
	httpd24-httpd-tools-2.4.6-22.0.1.el6.x86_64.rpm	d306f2cdea18028d1a8909f598a94893	-
	httpd24-mod_ldap-2.4.6-22.0.1.el6.x86_64.rpm	86bdfc4d4ae31f3e2a6c5db3fdaf3f93	-
	httpd24-mod_proxy_html-2.4.6-22.0.1.el6.x86_64.rpm	2056ba776f30bd4098362bec99cb9b53	-
	httpd24-mod_session-2.4.6-22.0.1.el6.x86_64.rpm	c60a90d6047b01a5200cfbb16b90c10a	-
	httpd24-mod_ssl-2.4.6-22.0.1.el6.x86_64.rpm	36350c54f4b46e6b90ed700ce054d5d3	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team