ELSA-2017-2478

ELSA-2017-2478 - httpd security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2017-08-15

Description


[2.2.15-60.0.1.5]
- replace index.html with Oracle's index page oracle_index.html
- update vstring in specfile

[2.2.15-60.5]
- Resolves: #1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw()
authentication bypass
- Resolves: #1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference
- Resolves: #1463207 - CVE-2017-7679 httpd: mod_mime buffer overread
- Resolves: #1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection
in mod_auth_digest


Related CVEs


CVE-2017-3167
CVE-2017-3169
CVE-2017-7679
CVE-2017-9788

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 6 (i386) httpd-2.2.15-60.0.1.el6_9.5.src.rpmf9f788a3167a18180b1d59d30654664e-
httpd-2.2.15-60.0.1.el6_9.5.i686.rpm43b0ea7b17bf7528ecf912596508fad5-
httpd-devel-2.2.15-60.0.1.el6_9.5.i686.rpm7a7c75d5f4973a741f45d0d53ba102cb-
httpd-manual-2.2.15-60.0.1.el6_9.5.noarch.rpm5c0128fc802bd6368850fdc7222eb4fb-
httpd-tools-2.2.15-60.0.1.el6_9.5.i686.rpm491f443004bfde95ee659459ec6d43fd-
mod_ssl-2.2.15-60.0.1.el6_9.5.i686.rpma7ca7e035cb9b41ea2ea526111e7cc5e-
Oracle Linux 6 (x86_64) httpd-2.2.15-60.0.1.el6_9.5.src.rpmf9f788a3167a18180b1d59d30654664e-
httpd-2.2.15-60.0.1.el6_9.5.x86_64.rpmb845f21dab3681114028973957c7054b-
httpd-devel-2.2.15-60.0.1.el6_9.5.i686.rpm7a7c75d5f4973a741f45d0d53ba102cb-
httpd-devel-2.2.15-60.0.1.el6_9.5.x86_64.rpm29253a865b7cb82279c19dfa61f72ee3-
httpd-manual-2.2.15-60.0.1.el6_9.5.noarch.rpm5c0128fc802bd6368850fdc7222eb4fb-
httpd-tools-2.2.15-60.0.1.el6_9.5.x86_64.rpm9d26cf5479cf5487b2a8845db2d186b4-
mod_ssl-2.2.15-60.0.1.el6_9.5.x86_64.rpm6128bea705c9a45861d0ac4677589b0e-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete