ELSA-2019-2893

ELSA-2019-2893 - httpd:2.4 security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2019-09-24

Description


httpd
[2.4.37-12.0.1]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-12]
- Resolves: #1744997 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount
of data request leads to denial of service
- Resolves: #1745084 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length
headers leads to denial of service
- Resolves: #1745152 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request
for large response leads to denial of service

mod_http2
[1.11.3-3]
- Resolves: #1744997 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount
of data request leads to denial of service
- Resolves: #1745084 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length
headers leads to denial of service
- Resolves: #1745152 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request
for large response leads to denial of service


Related CVEs


CVE-2019-9517

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (aarch64) httpd-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.src.rpm522cc587168f5c74bb879a7e349bf518-
mod_http2-1.11.3-3.module+el8.0.0+5348+de75177e.src.rpm02cb9e5788c9b8444bc0770efd169daf-
httpd-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpm07d57e421fd2f1ec036d06b55e6d1372-
httpd-devel-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpma5b0df04b57db64b1987bcfe5fb5096c-
httpd-filesystem-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.noarch.rpm041db71efc2703b2819c28b03653960b-
httpd-manual-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.noarch.rpmb6c9988e268c5447d0ae6a16866ee7c2-
httpd-tools-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpm8691044b09c53535e27bd21c0847a5eb-
mod_http2-1.11.3-3.module+el8.0.0+5348+de75177e.aarch64.rpm0a2ca3de3be522a12a97e93e8d58142f-
mod_ldap-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpm459afdf7d3e6e2d9370e1df198e69a51-
mod_md-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpmf8bce95e65cc424f01056624b275c27c-
mod_proxy_html-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpmcccc96f155fad57ac669105a659d70a8-
mod_session-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpm71ccf5eb61b79df15d9d205ebb2b3d9e-
mod_ssl-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpmaca3d56204c3f3f96faf9e25cad0dfd3-
Oracle Linux 8 (x86_64) httpd-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.src.rpm522cc587168f5c74bb879a7e349bf518-
mod_http2-1.11.3-3.module+el8.0.0+5348+de75177e.src.rpm02cb9e5788c9b8444bc0770efd169daf-
httpd-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpmd1461bdf2962c5f2144959448b216dad-
httpd-devel-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpmb80f9889faa3a3a1761606743dac52e9-
httpd-filesystem-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.noarch.rpm041db71efc2703b2819c28b03653960b-
httpd-manual-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.noarch.rpmb6c9988e268c5447d0ae6a16866ee7c2-
httpd-tools-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpm6145ac74522d9c358864c0ec7dea502c-
mod_http2-1.11.3-3.module+el8.0.0+5348+de75177e.x86_64.rpmf4051d3a9a632d181b76c413b9fa2599-
mod_ldap-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpm2da27e52c4fdf63a0e0cb45f6c277f94-
mod_md-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpmaa5433503ff08ef87a03bfb5ef62a6c8-
mod_proxy_html-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpmdeb50f4d4e69a141ee72f6891706d3aa-
mod_session-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpmafa9ddba549985456272dfa0386f70a1-
mod_ssl-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpmf452db28096b9d8f223fc9bc7bbf62a3-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete