ELSA-2019-2893

ULN >
Oracle Linux Errata repository >
ELSA-2019-2893

ELSA-2019-2893 - httpd:2.4 security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2019-09-24

Description

httpd
[2.4.37-12.0.1]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-12]
- Resolves: #1744997 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount
of data request leads to denial of service
- Resolves: #1745084 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length
headers leads to denial of service
- Resolves: #1745152 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request
for large response leads to denial of service

mod_http2
[1.11.3-3]
- Resolves: #1744997 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount
of data request leads to denial of service
- Resolves: #1745084 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length
headers leads to denial of service
- Resolves: #1745152 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request
for large response leads to denial of service

Related CVEs

CVE-2019-9517

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 8 (aarch64)	httpd-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.src.rpm	522cc587168f5c74bb879a7e349bf518	-
	mod_http2-1.11.3-3.module+el8.0.0+5348+de75177e.src.rpm	02cb9e5788c9b8444bc0770efd169daf	-
	httpd-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpm	07d57e421fd2f1ec036d06b55e6d1372	-
	httpd-devel-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpm	a5b0df04b57db64b1987bcfe5fb5096c	-
	httpd-filesystem-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.noarch.rpm	041db71efc2703b2819c28b03653960b	-
	httpd-manual-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.noarch.rpm	b6c9988e268c5447d0ae6a16866ee7c2	-
	httpd-tools-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpm	8691044b09c53535e27bd21c0847a5eb	-
	mod_http2-1.11.3-3.module+el8.0.0+5348+de75177e.aarch64.rpm	0a2ca3de3be522a12a97e93e8d58142f	-
	mod_ldap-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpm	459afdf7d3e6e2d9370e1df198e69a51	-
	mod_md-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpm	f8bce95e65cc424f01056624b275c27c	-
	mod_proxy_html-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpm	cccc96f155fad57ac669105a659d70a8	-
	mod_session-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpm	71ccf5eb61b79df15d9d205ebb2b3d9e	-
	mod_ssl-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpm	aca3d56204c3f3f96faf9e25cad0dfd3	-

Oracle Linux 8 (x86_64)	httpd-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.src.rpm	522cc587168f5c74bb879a7e349bf518	-
	mod_http2-1.11.3-3.module+el8.0.0+5348+de75177e.src.rpm	02cb9e5788c9b8444bc0770efd169daf	-
	httpd-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpm	d1461bdf2962c5f2144959448b216dad	-
	httpd-devel-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpm	b80f9889faa3a3a1761606743dac52e9	-
	httpd-filesystem-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.noarch.rpm	041db71efc2703b2819c28b03653960b	-
	httpd-manual-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.noarch.rpm	b6c9988e268c5447d0ae6a16866ee7c2	-
	httpd-tools-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpm	6145ac74522d9c358864c0ec7dea502c	-
	mod_http2-1.11.3-3.module+el8.0.0+5348+de75177e.x86_64.rpm	f4051d3a9a632d181b76c413b9fa2599	-
	mod_ldap-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpm	2da27e52c4fdf63a0e0cb45f6c277f94	-
	mod_md-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpm	aa5433503ff08ef87a03bfb5ef62a6c8	-
	mod_proxy_html-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpm	deb50f4d4e69a141ee72f6891706d3aa	-
	mod_session-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpm	afa9ddba549985456272dfa0386f70a1	-
	mod_ssl-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpm	f452db28096b9d8f223fc9bc7bbf62a3	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691