ELSA-2014-1972

ULN >
Oracle Linux Errata repository >
ELSA-2014-1972

ELSA-2014-1972 - httpd24-httpd security and bug fix update

Type:	SECURITY
Impact:	LOW
Release Date:	2016-02-04

Description

[2.4.6-22.0.1.el6]
- remove enable-tlsv1x-thunks to fit openssl 1.x api
- replace index.html with Oracle's index page oracle_index.html
- update vstring in specfile

[2.4.6-22]
- Remove mod_proxy_fcgi fix for heap-based buffer overflow,
httpd-2.4.6 is not affected (CVE-2014-3583)

[2.4.6-21]
- mod_proxy_wstunnel: Fix the use of SSL with the 'wss:' scheme (#1141950)

[2.4.6-20]
- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
- mod_proxy_fcgi: fix heap-based buffer overflow (CVE-2014-3583)

[2.4.6-19]
- mod_cgid: add security fix for CVE-2014-0231
- mod_proxy: add security fix for CVE-2014-0117
- mod_deflate: add security fix for CVE-2014-0118
- mod_status: add security fix for CVE-2014-0226
- mod_cache: add secutiry fix for CVE-2013-4352

Related CVEs

CVE-2013-5704

CVE-2014-3581

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 6 (x86_64)	httpd24-httpd-2.4.6-22.0.1.el6.src.rpm	a6332173f7f84189563f0260eef3f6240ec7c63f7f025fdec9edb8d62443457c	-	ol6_x86_64_SoftwareCollections
	httpd24-httpd-2.4.6-22.0.1.el6.x86_64.rpm	5baf363fc1548b433fd5c711108ffd35ade4e3a86c5b51a1fa57c43cb9c4e7d8	-	ol6_x86_64_SoftwareCollections
	httpd24-httpd-devel-2.4.6-22.0.1.el6.x86_64.rpm	fc1a93a1cde9e0fb691044ae919010f96e050c3a2943d55ece03aa1caecc1bd5	-	ol6_x86_64_SoftwareCollections
	httpd24-httpd-manual-2.4.6-22.0.1.el6.noarch.rpm	a49f3c5bb9f44f960690db5518227bf3365c25bf04ba824a8eb9e4ab93fe5832	-	ol6_x86_64_SoftwareCollections
	httpd24-httpd-tools-2.4.6-22.0.1.el6.x86_64.rpm	c0cbdadfb844dfaa10e7c99d94a31916fdaf1b43dcbbbd2597bc1edd49426f0d	-	ol6_x86_64_SoftwareCollections
	httpd24-mod_ldap-2.4.6-22.0.1.el6.x86_64.rpm	f098efea9056ef477fd261fc1772c73e8ca8274ac19e99e6fba3b34742b912ee	-	ol6_x86_64_SoftwareCollections
	httpd24-mod_proxy_html-2.4.6-22.0.1.el6.x86_64.rpm	f0f559ef64ddf0827eded2df9fa2e4a830329609739aaf58efec167a6b7b3605	-	ol6_x86_64_SoftwareCollections
	httpd24-mod_session-2.4.6-22.0.1.el6.x86_64.rpm	c2ff17416790cbdafe97cafaaad1634f776f5a2ad9380ea57247b3c662f460e1	-	ol6_x86_64_SoftwareCollections
	httpd24-mod_ssl-2.4.6-22.0.1.el6.x86_64.rpm	3251116d4a6d6a7676d52ff5113e6381c2f1b8436ffe5a5c49b629eeedcded60	-	ol6_x86_64_SoftwareCollections

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691