ELSA-2017-2479

ELSA-2017-2479 - httpd security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2017-08-15

Description


[2.4.6-67.0.1.el7_4.2]
- replace index.html with Oracle's index page oracle_index.html

[2.4.6-67.2]
- Resolves: #1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw()
authentication bypass
- Resolves: #1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference
- Resolves: #1463207 - CVE-2017-7679 httpd: mod_mime buffer overread
- Resolves: #1463205 - CVE-2017-7668 httpd: ap_find_token() buffer overread
- Resolves: #1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection
in mod_auth_digest


Related CVEs


CVE-2017-3167
CVE-2017-3169
CVE-2017-7679
CVE-2017-9788
CVE-2017-7668

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (x86_64) httpd-2.4.6-67.0.1.el7_4.2.src.rpmbffbb76125826176ec070c1b1360b013-
httpd-2.4.6-67.0.1.el7_4.2.x86_64.rpm3f24abebc1de168a9bfc7a79f938d511-
httpd-devel-2.4.6-67.0.1.el7_4.2.x86_64.rpmc2274d7eaea0cb8020a4e55bc614ae1d-
httpd-manual-2.4.6-67.0.1.el7_4.2.noarch.rpm9fa9a3d9f538da8f2ba1d130333b40cb-
httpd-tools-2.4.6-67.0.1.el7_4.2.x86_64.rpmfc655e89e0ed910077b3e614eff779bd-
mod_ldap-2.4.6-67.0.1.el7_4.2.x86_64.rpm0911ba7c943ba14c248849bea413c333-
mod_proxy_html-2.4.6-67.0.1.el7_4.2.x86_64.rpm859ae70bd6a3439f7026e63b507e991b-
mod_session-2.4.6-67.0.1.el7_4.2.x86_64.rpmc95ecea5238b7bdc1892f9edaf0585ab-
mod_ssl-2.4.6-67.0.1.el7_4.2.x86_64.rpm9c09b309c157910e862c6e4f272d3392-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete