Type: | SECURITY |
Severity: | LOW |
Release Date: | 2016-02-04 |
[2.4.6-22.0.1.el6]
- remove enable-tlsv1x-thunks to fit openssl 1.x api
- replace index.html with Oracle's index page oracle_index.html
- update vstring in specfile
[2.4.6-22]
- Remove mod_proxy_fcgi fix for heap-based buffer overflow,
httpd-2.4.6 is not affected (CVE-2014-3583)
[2.4.6-21]
- mod_proxy_wstunnel: Fix the use of SSL with the 'wss:' scheme (#1141950)
[2.4.6-20]
- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
- mod_proxy_fcgi: fix heap-based buffer overflow (CVE-2014-3583)
[2.4.6-19]
- mod_cgid: add security fix for CVE-2014-0231
- mod_proxy: add security fix for CVE-2014-0117
- mod_deflate: add security fix for CVE-2014-0118
- mod_status: add security fix for CVE-2014-0226
- mod_cache: add secutiry fix for CVE-2013-4352
CVE-2013-5704 |
CVE-2014-3581 |
Release/Architecture | Filename | MD5sum | Superseded By Advisory |
Oracle Linux 6 (x86_64) | httpd24-httpd-2.4.6-22.0.1.el6.src.rpm | d1648a80b40e98d15f24f6c047bea027 | - |
httpd24-httpd-2.4.6-22.0.1.el6.x86_64.rpm | bc789254ba1a4dd804b63f5d17553137 | - | |
httpd24-httpd-devel-2.4.6-22.0.1.el6.x86_64.rpm | 80e2090a4bb4c23eff2d8f4f72a3feea | - | |
httpd24-httpd-manual-2.4.6-22.0.1.el6.noarch.rpm | 8c7102ef54f1b9e19b975f58ebc88a36 | - | |
httpd24-httpd-tools-2.4.6-22.0.1.el6.x86_64.rpm | d306f2cdea18028d1a8909f598a94893 | - | |
httpd24-mod_ldap-2.4.6-22.0.1.el6.x86_64.rpm | 86bdfc4d4ae31f3e2a6c5db3fdaf3f93 | - | |
httpd24-mod_proxy_html-2.4.6-22.0.1.el6.x86_64.rpm | 2056ba776f30bd4098362bec99cb9b53 | - | |
httpd24-mod_session-2.4.6-22.0.1.el6.x86_64.rpm | c60a90d6047b01a5200cfbb16b90c10a | - | |
httpd24-mod_ssl-2.4.6-22.0.1.el6.x86_64.rpm | 36350c54f4b46e6b90ed700ce054d5d3 | - |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team