ELSA-2019-0980

ULN >
Oracle Linux Errata repository >
ELSA-2019-0980

ELSA-2019-0980 - httpd:2.4 security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2019-07-30

Description

httpd
[2.4.37-11.0.1]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-11]
- Resolves: #1695431 - CVE-2019-0211 httpd: privilege escalation
from modules scripts
- Resolves: #1696090 - CVE-2019-0215 httpd:2.4/httpd: mod_ssl: access control
bypass when using per-location client certification authentication

mod_http2
[1.11.3-2]
- update release (#1695587)

Related CVEs

CVE-2019-0215

CVE-2019-0211

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	httpd-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.src.rpm	e6227a4e1b2fcc7eab92063a6d4641ad5a31b68ad96c0d21f648d7e00fa39c98	-	ol8_aarch64_appstream
	mod_http2-1.11.3-2.module+el8.0.0+5209+a98d70d6.src.rpm	34262546740cbd88130bc59672c60b4ae697c228569c2dff07c55e01eeb0c570	-	ol8_aarch64_appstream
	httpd-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.aarch64.rpm	7444e9f0686b28273a433903d1ea33fd5a467ce6249d5892ec7d92b559c94e8e	-	ol8_aarch64_appstream
	httpd-devel-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.aarch64.rpm	e685091fec697eb91435cb5734f0580995116592125f2b27c5622b90a14bfafe	-	ol8_aarch64_appstream
	httpd-filesystem-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.noarch.rpm	e9037a14879432c674365a001d3650a997341c058a458dca0815ddeafa7480ec	-	ol8_aarch64_appstream
	httpd-manual-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.noarch.rpm	d8dd27dc3a21d1f66fec446095ba93cebd4491b496fba6612f352a8aae817e6c	-	ol8_aarch64_appstream
	httpd-tools-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.aarch64.rpm	d8e8e5daeae6d5e740622a4b60abd36fc590dacb07a862fa72f377038d34d8f2	-	ol8_aarch64_appstream
	mod_http2-1.11.3-2.module+el8.0.0+5209+a98d70d6.aarch64.rpm	1d8bd52babec55591ff1e208d5785d523219f57d4ceda8133a8bc2b7f3fafba3	-	ol8_aarch64_appstream
	mod_ldap-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.aarch64.rpm	1c526b1c90b520037921c144a5654fadf5668e8a01c5b9143bafe1e15afa5d6c	-	ol8_aarch64_appstream
	mod_md-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.aarch64.rpm	a80b02493708cf8080d07a0618cd4fb908215e8ff413ca5ec0ebd26e22cb77e5	-	ol8_aarch64_appstream
	mod_proxy_html-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.aarch64.rpm	48f9c3f0f214c962ab823e71bbed11dfc71ace92dc3420ba814f0d2a297b5238	-	ol8_aarch64_appstream
	mod_session-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.aarch64.rpm	a13d67be745b204be2db8ea3df247215271fd65f81a9e219bc7be39d27195e11	-	ol8_aarch64_appstream
	mod_ssl-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.aarch64.rpm	b27586b36ceed4bfe8073a0cad58c703c1dd1ec4925f6fde5e496bd44f92f54b	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	httpd-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.src.rpm	e6227a4e1b2fcc7eab92063a6d4641ad5a31b68ad96c0d21f648d7e00fa39c98	-	ol8_x86_64_appstream
	mod_http2-1.11.3-2.module+el8.0.0+5209+a98d70d6.src.rpm	34262546740cbd88130bc59672c60b4ae697c228569c2dff07c55e01eeb0c570	-	ol8_x86_64_appstream
	httpd-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.x86_64.rpm	1c79ae92e3bcffe6e83dcabca180076e767353bddccde2674db1a698a056ba88	-	ol8_x86_64_appstream
	httpd-devel-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.x86_64.rpm	77955bf87502b7995167fc48c830104d5e3904edacc622a9ace39da9a6f9fbe9	-	ol8_x86_64_appstream
	httpd-filesystem-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.noarch.rpm	e9037a14879432c674365a001d3650a997341c058a458dca0815ddeafa7480ec	-	ol8_x86_64_appstream
	httpd-manual-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.noarch.rpm	d8dd27dc3a21d1f66fec446095ba93cebd4491b496fba6612f352a8aae817e6c	-	ol8_x86_64_appstream
	httpd-tools-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.x86_64.rpm	26d05f3665345ffcbf0a911bd6822e32686b5347469fa082275945e89f49b80e	-	ol8_x86_64_appstream
	mod_http2-1.11.3-2.module+el8.0.0+5209+a98d70d6.x86_64.rpm	0aae639160d80d89ba1a8fbe897ac06906d7446d533d201ca87d02e3024df1a6	-	ol8_x86_64_appstream
	mod_ldap-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.x86_64.rpm	0fa318d91a364d3620944db9446d4a500af4773257ad867e6f935e19182382af	-	ol8_x86_64_appstream
	mod_md-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.x86_64.rpm	aa28fbc1949a12ff98438b8db87be0cba4efd3d09fbbbbd3ce6b385ab104a1ab	-	ol8_x86_64_appstream
	mod_proxy_html-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.x86_64.rpm	76dd6eb1f7435d794ad584364bfeb4b034fdebda73ccc1eda3066eafcaaf7046	-	ol8_x86_64_appstream
	mod_session-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.x86_64.rpm	d71bf98c9f261a66f0d40ab1675bf09e9b40a2fed1ed97a7d2bb66f4ea775531	-	ol8_x86_64_appstream
	mod_ssl-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6.x86_64.rpm	05678be1f952cfb4cb635153a8a818717b232e0e674ba9bb441b88dc3ab49286	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691