ELSA-2014-1972

ELSA-2014-1972 - httpd24-httpd security and bug fix update

Type:SECURITY
Severity:LOW
Release Date:2016-02-04

Description


[2.4.6-22.0.1.el6]
- remove enable-tlsv1x-thunks to fit openssl 1.x api
- replace index.html with Oracle's index page oracle_index.html
- update vstring in specfile

[2.4.6-22]
- Remove mod_proxy_fcgi fix for heap-based buffer overflow,
httpd-2.4.6 is not affected (CVE-2014-3583)

[2.4.6-21]
- mod_proxy_wstunnel: Fix the use of SSL with the 'wss:' scheme (#1141950)

[2.4.6-20]
- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
- mod_proxy_fcgi: fix heap-based buffer overflow (CVE-2014-3583)

[2.4.6-19]
- mod_cgid: add security fix for CVE-2014-0231
- mod_proxy: add security fix for CVE-2014-0117
- mod_deflate: add security fix for CVE-2014-0118
- mod_status: add security fix for CVE-2014-0226
- mod_cache: add secutiry fix for CVE-2013-4352


Related CVEs


CVE-2013-5704
CVE-2014-3581

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 6 (x86_64) httpd24-httpd-2.4.6-22.0.1.el6.src.rpmd1648a80b40e98d15f24f6c047bea027-
httpd24-httpd-2.4.6-22.0.1.el6.x86_64.rpmbc789254ba1a4dd804b63f5d17553137-
httpd24-httpd-devel-2.4.6-22.0.1.el6.x86_64.rpm80e2090a4bb4c23eff2d8f4f72a3feea-
httpd24-httpd-manual-2.4.6-22.0.1.el6.noarch.rpm8c7102ef54f1b9e19b975f58ebc88a36-
httpd24-httpd-tools-2.4.6-22.0.1.el6.x86_64.rpmd306f2cdea18028d1a8909f598a94893-
httpd24-mod_ldap-2.4.6-22.0.1.el6.x86_64.rpm86bdfc4d4ae31f3e2a6c5db3fdaf3f93-
httpd24-mod_proxy_html-2.4.6-22.0.1.el6.x86_64.rpm2056ba776f30bd4098362bec99cb9b53-
httpd24-mod_session-2.4.6-22.0.1.el6.x86_64.rpmc60a90d6047b01a5200cfbb16b90c10a-
httpd24-mod_ssl-2.4.6-22.0.1.el6.x86_64.rpm36350c54f4b46e6b90ed700ce054d5d3-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete