ELSA-2021-3816

ULN >
Oracle Linux Errata repository >
ELSA-2021-3816

ELSA-2021-3816 - httpd:2.4 security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2021-10-13

Description

httpd
[2.4.37-39.1.0.1.1]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-39.1]
- Resolves: #2007234 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via
a crafted request uri-path
- Resolves: #2007646 - CVE-2021-26691 httpd:2.4/httpd: Heap overflow in
mod_session

Related CVEs

CVE-2021-26691

CVE-2021-40438

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	httpd-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.src.rpm	c3f3f3dfdafa3b31adf2549d8cf2ca4af3c234fc488968fcfe34f3453c739fd8	-	ol8_aarch64_appstream
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpm	a825aa32e247302cfffb427b8ceaf978d4e2f1d294d7f523d6ea1aadb124bf2d	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.src.rpm	964586d1cb6f8a232b71f89b8f82f4970b2c0e1c1300d1fac8d7a902dfe879cb	-	ol8_aarch64_appstream
	httpd-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.aarch64.rpm	a629b8c7c472f4f4ca688a8764db942a8df3b83cb569a3844db08ce9f6c537cc	-	ol8_aarch64_appstream
	httpd-devel-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.aarch64.rpm	1da9abc8001549ec850aeca53c802fd841515c77c02808406c7f3fb4d0aa4c81	-	ol8_aarch64_appstream
	httpd-filesystem-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.noarch.rpm	328757538aa3672ffa4f6f6e338ff1f09bb1120a952200c85d592b40f823997e	-	ol8_aarch64_appstream
	httpd-manual-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.noarch.rpm	3a551244e43291f986dd0489267a79096e6c04f396a6ccdd20566fa8f3fb423b	-	ol8_aarch64_appstream
	httpd-tools-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.aarch64.rpm	a035315c2a735c1400fed433af0337db9d5662adaa54142c79adb14947536d9a	-	ol8_aarch64_appstream
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.aarch64.rpm	48c211ad4477b6c8230e9683533f757a3549be1d1e25f509cdfce3a8d2f318b6	-	ol8_aarch64_appstream
	mod_ldap-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.aarch64.rpm	35c75e6ea7c04cdb9ec594c1bb069f043bca9d4070bc8d70d7c53d2343ead1be	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.aarch64.rpm	59828ad0b80a3834a86568cf0b9789c1f921dfc22ea814250ce6846afb30ba5f	-	ol8_aarch64_appstream
	mod_proxy_html-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.aarch64.rpm	06d0097c835740dbcc70ef22553129cb589177a35643a8048aa45f53abf38b63	-	ol8_aarch64_appstream
	mod_session-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.aarch64.rpm	9248109ef28ddfa6e0654fed92d72a54277e5c5326c05841f9cf0d070bc53737	-	ol8_aarch64_appstream
	mod_ssl-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.aarch64.rpm	6e719edcb83619ea46a02e75cf3e6776c43a48197102d406b9446c5aab883736	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	httpd-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.src.rpm	c3f3f3dfdafa3b31adf2549d8cf2ca4af3c234fc488968fcfe34f3453c739fd8	-	ol8_x86_64_appstream
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpm	a825aa32e247302cfffb427b8ceaf978d4e2f1d294d7f523d6ea1aadb124bf2d	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.src.rpm	964586d1cb6f8a232b71f89b8f82f4970b2c0e1c1300d1fac8d7a902dfe879cb	-	ol8_x86_64_appstream
	httpd-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.x86_64.rpm	e274de09d5f529775f1834bf52065d50d6a53b4e93a933d51781010119006cc4	-	ol8_x86_64_appstream
	httpd-devel-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.x86_64.rpm	ca805d4185fa59e3bc29f966c7ceae0de956e9ae29715bc6118e0f75680b379b	-	ol8_x86_64_appstream
	httpd-filesystem-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.noarch.rpm	328757538aa3672ffa4f6f6e338ff1f09bb1120a952200c85d592b40f823997e	-	ol8_x86_64_appstream
	httpd-manual-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.noarch.rpm	3a551244e43291f986dd0489267a79096e6c04f396a6ccdd20566fa8f3fb423b	-	ol8_x86_64_appstream
	httpd-tools-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.x86_64.rpm	b3ac587c1b519bcd62e55a9394844f37cd5dfc9d503c0890ee558de1eaa62f4a	-	ol8_x86_64_appstream
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.x86_64.rpm	2aaaad69193253ef2e42e24a199ca542ce5a5958773ab46180b297744cfa4706	-	ol8_x86_64_appstream
	mod_ldap-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.x86_64.rpm	8e33d3676d74c36497dcc5e699a30e0f6ab8655a0f6d4e2366bf6a19e274e045	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.x86_64.rpm	145c47237014a0d3b92273ad9863060c4dde48fd83ccdc814e191954d78ebe22	-	ol8_x86_64_appstream
	mod_proxy_html-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.x86_64.rpm	7c958b83837e1231dde8b60d68fc391fc4bf85f427682950636c22ed66501145	-	ol8_x86_64_appstream
	mod_session-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.x86_64.rpm	12a113115c5e4f7d942f21f0506a483edc8eaf885fa5a9699266da2ba56aeb01	-	ol8_x86_64_appstream
	mod_ssl-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.x86_64.rpm	054c62671846120e1e8a87d0cf6875e18fde79277e356b09f7a77271f1d37994	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691