Stay Connected:

ELSA-2023-1670

ELSA-2023-1670 - httpd and mod_http2 security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2023-04-06

Description


httpd
[2.4.53-7.0.1.5]
- Replace index.html with Oracle's index page oracle_index.html.

[2.4.53-7.5]
- Resolves: #2177751 - CVE-2023-25690 httpd: HTTP request splitting with
mod_rewrite and mod_proxy

mod_http2
[1.15.19-3.5]
- Resolves: #2177751 - CVE-2023-25690 httpd: HTTP request splitting with
mod_rewrite and mod_proxy

[1.15.19-3]
- Resolves: #2066311 - CVE-2021-44224 httpd: possible NULL dereference or SSRF
in forward proxy configurations


Related CVEs


CVE-2023-25690

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 9 (aarch64) httpd-2.4.53-7.0.1.el9_1.5.src.rpm8c635c7dee9631781ce61d4b94958417-
mod_http2-1.15.19-3.el9_1.5.src.rpm70053df44f1517c492f3e54037a55da9-
httpd-2.4.53-7.0.1.el9_1.5.aarch64.rpme7db954d79a5c910910a64443bdea03f-
httpd-core-2.4.53-7.0.1.el9_1.5.aarch64.rpmb294d712cab9b6f7e8a3f75c889c43b1-
httpd-devel-2.4.53-7.0.1.el9_1.5.aarch64.rpm9f291ebb344a246b12b7660c02a27d84-
httpd-filesystem-2.4.53-7.0.1.el9_1.5.noarch.rpm7ee18f7cabc940e04b020f206e89a2c5-
httpd-manual-2.4.53-7.0.1.el9_1.5.noarch.rpm39de7b43c033ee050720972e07791093-
httpd-tools-2.4.53-7.0.1.el9_1.5.aarch64.rpm18e2395ea21e7dd6142f9ceae13c41dc-
mod_http2-1.15.19-3.el9_1.5.aarch64.rpm702c4d2563ccf1d6a33b4d8a9a6cd5fa-
mod_ldap-2.4.53-7.0.1.el9_1.5.aarch64.rpm0144b39f2ff53ac9b8adb5ff12e610cf-
mod_lua-2.4.53-7.0.1.el9_1.5.aarch64.rpm4c22402609c274c4dd281065db6eaa3a-
mod_proxy_html-2.4.53-7.0.1.el9_1.5.aarch64.rpmb99d466bcfe29017d61552609e3292bd-
mod_session-2.4.53-7.0.1.el9_1.5.aarch64.rpm852e874c9a86dd3dd82f7e6d47cb15e6-
mod_ssl-2.4.53-7.0.1.el9_1.5.aarch64.rpm463db674658ebb92e12b9c9050284a1b-
Oracle Linux 9 (x86_64) httpd-2.4.53-7.0.1.el9_1.5.src.rpm8c635c7dee9631781ce61d4b94958417-
mod_http2-1.15.19-3.el9_1.5.src.rpm70053df44f1517c492f3e54037a55da9-
httpd-2.4.53-7.0.1.el9_1.5.x86_64.rpmcba94aa9cbacc11d136e663e47fc913d-
httpd-core-2.4.53-7.0.1.el9_1.5.x86_64.rpm62ce4e0262665fd8e470c08ecd2ca76b-
httpd-devel-2.4.53-7.0.1.el9_1.5.x86_64.rpm50d0e691805a07b07657205c816887d3-
httpd-filesystem-2.4.53-7.0.1.el9_1.5.noarch.rpm7ee18f7cabc940e04b020f206e89a2c5-
httpd-manual-2.4.53-7.0.1.el9_1.5.noarch.rpm39de7b43c033ee050720972e07791093-
httpd-tools-2.4.53-7.0.1.el9_1.5.x86_64.rpmabc2535d40dcfcc6e4f75eb651b39acb-
mod_http2-1.15.19-3.el9_1.5.x86_64.rpm1d062f03bbea1051e83d739e97bc96c7-
mod_ldap-2.4.53-7.0.1.el9_1.5.x86_64.rpma332c6100ba1d05dd83ac2082b0bf11a-
mod_lua-2.4.53-7.0.1.el9_1.5.x86_64.rpmbfcfd4204d9ed1a3949cff740ff5c4c5-
mod_proxy_html-2.4.53-7.0.1.el9_1.5.x86_64.rpmede31e90ebbab990c633b04e3a9f5352-
mod_session-2.4.53-7.0.1.el9_1.5.x86_64.rpm17a59be02fbf5a932acdc9895d4b7575-
mod_ssl-2.4.53-7.0.1.el9_1.5.x86_64.rpma7c8291494abe6fb8b0fbb8e618e00cb-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights