ELSA-2014-1972

ELSA-2014-1972 - httpd24-httpd security and bug fix update

Type:SECURITY
Impact:LOW
Release Date:2016-02-04

Description


[2.4.6-22.0.1.el6]
- remove enable-tlsv1x-thunks to fit openssl 1.x api
- replace index.html with Oracle's index page oracle_index.html
- update vstring in specfile

[2.4.6-22]
- Remove mod_proxy_fcgi fix for heap-based buffer overflow,
httpd-2.4.6 is not affected (CVE-2014-3583)

[2.4.6-21]
- mod_proxy_wstunnel: Fix the use of SSL with the 'wss:' scheme (#1141950)

[2.4.6-20]
- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
- mod_proxy_fcgi: fix heap-based buffer overflow (CVE-2014-3583)

[2.4.6-19]
- mod_cgid: add security fix for CVE-2014-0231
- mod_proxy: add security fix for CVE-2014-0117
- mod_deflate: add security fix for CVE-2014-0118
- mod_status: add security fix for CVE-2014-0226
- mod_cache: add secutiry fix for CVE-2013-4352


Related CVEs


CVE-2013-5704
CVE-2014-3581

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 6 (x86_64) httpd24-httpd-2.4.6-22.0.1.el6.src.rpma6332173f7f84189563f0260eef3f6240ec7c63f7f025fdec9edb8d62443457c-ol6_x86_64_SoftwareCollections
httpd24-httpd-2.4.6-22.0.1.el6.x86_64.rpm5baf363fc1548b433fd5c711108ffd35ade4e3a86c5b51a1fa57c43cb9c4e7d8-ol6_x86_64_SoftwareCollections
httpd24-httpd-devel-2.4.6-22.0.1.el6.x86_64.rpmfc1a93a1cde9e0fb691044ae919010f96e050c3a2943d55ece03aa1caecc1bd5-ol6_x86_64_SoftwareCollections
httpd24-httpd-manual-2.4.6-22.0.1.el6.noarch.rpma49f3c5bb9f44f960690db5518227bf3365c25bf04ba824a8eb9e4ab93fe5832-ol6_x86_64_SoftwareCollections
httpd24-httpd-tools-2.4.6-22.0.1.el6.x86_64.rpmc0cbdadfb844dfaa10e7c99d94a31916fdaf1b43dcbbbd2597bc1edd49426f0d-ol6_x86_64_SoftwareCollections
httpd24-mod_ldap-2.4.6-22.0.1.el6.x86_64.rpmf098efea9056ef477fd261fc1772c73e8ca8274ac19e99e6fba3b34742b912ee-ol6_x86_64_SoftwareCollections
httpd24-mod_proxy_html-2.4.6-22.0.1.el6.x86_64.rpmf0f559ef64ddf0827eded2df9fa2e4a830329609739aaf58efec167a6b7b3605-ol6_x86_64_SoftwareCollections
httpd24-mod_session-2.4.6-22.0.1.el6.x86_64.rpmc2ff17416790cbdafe97cafaaad1634f776f5a2ad9380ea57247b3c662f460e1-ol6_x86_64_SoftwareCollections
httpd24-mod_ssl-2.4.6-22.0.1.el6.x86_64.rpm3251116d4a6d6a7676d52ff5113e6381c2f1b8436ffe5a5c49b629eeedcded60-ol6_x86_64_SoftwareCollections



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete