ELSA-2019-0980

ULN >
Oracle Linux Errata repository >
ELSA-2019-0980

ELSA-2019-0980 - httpd:2.4 security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2019-07-30

Description

httpd
[2.4.37-11.0.1]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-11]
- Resolves: #1695431 - CVE-2019-0211 httpd: privilege escalation
from modules scripts
- Resolves: #1696090 - CVE-2019-0215 httpd:2.4/httpd: mod_ssl: access control
bypass when using per-location client certification authentication

mod_http2
[1.11.3-2]
- update release (#1695587)

Related CVEs

CVE-2019-0211

CVE-2019-0215

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 8 (aarch64)	httpd-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.src.rpm	561f70372872cc19540b73616edb5a06	-
	mod_http2-1.11.3-2.module+el8.0.0+5209+a98d70d6.src.rpm	6deb0bae5f28121e839699f19864bf42	-
	httpd-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.aarch64.rpm	5e063d9c8de853793c09723c420eae0e	-
	httpd-devel-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.aarch64.rpm	aee0d486f40efffb226dbce11f7da88e	-
	httpd-filesystem-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.noarch.rpm	41523959602b4557ff1fa8c81814abda	-
	httpd-manual-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.noarch.rpm	fff7b7c10beb6c7c69d872ba7cb64dd8	-
	httpd-tools-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.aarch64.rpm	6073c12753788401c576c87c64d0ff62	-
	mod_http2-1.11.3-2.module+el8.0.0+5209+a98d70d6.aarch64.rpm	e3b6b41ff864964dcab50c4c1926eda1	-
	mod_ldap-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.aarch64.rpm	8b17fbacb211587556ade1ecd6f64fe8	-
	mod_md-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.aarch64.rpm	0b4930cbfadb2afa9f2dfb5e97ee1497	-
	mod_proxy_html-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.aarch64.rpm	6eb33f8a1b45028c541e2f025b48d38b	-
	mod_session-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.aarch64.rpm	c85c8c2b665d9d66a2c1c52b2ce3ab9a	-
	mod_ssl-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.aarch64.rpm	350257bbadb2ddc47643f0a8f3e336d6	-

Oracle Linux 8 (x86_64)	httpd-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.src.rpm	561f70372872cc19540b73616edb5a06	-
	mod_http2-1.11.3-2.module+el8.0.0+5209+a98d70d6.src.rpm	6deb0bae5f28121e839699f19864bf42	-
	httpd-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.x86_64.rpm	a272487ca98ad3d1c68013137f8877dd	-
	httpd-devel-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.x86_64.rpm	6335edcc489e06d9688774c05fb95495	-
	httpd-filesystem-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.noarch.rpm	41523959602b4557ff1fa8c81814abda	-
	httpd-manual-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.noarch.rpm	fff7b7c10beb6c7c69d872ba7cb64dd8	-
	httpd-tools-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.x86_64.rpm	aaf90672f5038b4377758ad0342441c2	-
	mod_http2-1.11.3-2.module+el8.0.0+5209+a98d70d6.x86_64.rpm	cbb41ffc6cc023c9a7e0222f3e2bbffa	-
	mod_ldap-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.x86_64.rpm	9c0b58953c2f320b5121d553f7aabd0a	-
	mod_md-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.x86_64.rpm	5c1d86ece02444fe39e48ac89307e491	-
	mod_proxy_html-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.x86_64.rpm	e8d7fcca741d144165266431bb49e8da	-
	mod_session-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.x86_64.rpm	c7628fda9e4bb5da58d8d2f078943dc5	-
	mod_ssl-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.x86_64.rpm	a39d1e51361f46c61d1e39b144e8a187	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691