ELSA-2019-2893

ULN >
Oracle Linux Errata repository >
ELSA-2019-2893

ELSA-2019-2893 - httpd:2.4 security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2019-09-24

Description

httpd
[2.4.37-12.0.1]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-12]
- Resolves: #1744997 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount
of data request leads to denial of service
- Resolves: #1745084 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length
headers leads to denial of service
- Resolves: #1745152 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request
for large response leads to denial of service

mod_http2
[1.11.3-3]
- Resolves: #1744997 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount
of data request leads to denial of service
- Resolves: #1745084 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length
headers leads to denial of service
- Resolves: #1745152 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request
for large response leads to denial of service

Related CVEs

CVE-2019-9517

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	httpd-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.src.rpm	7e4bb8888ad5cce92bc4d38f593a6627d9d2d7d0fa35ded7e795ac24665d76c2	-	ol8_aarch64_appstream
	mod_http2-1.11.3-3.module+el8.0.0+5348+de75177e.src.rpm	61a0d8428e2dca1699816992e414fb87562630f318abd855adc7a4a0477383d7	-	ol8_aarch64_appstream
	httpd-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpm	9373c5c16c238233fd517e701c79cdfc2ca32385eb948c7db98570d76ad6a2a8	-	ol8_aarch64_appstream
	httpd-devel-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpm	c92e4dc6ddcbebe6567d9dab2229584f647859c2723ff6fd5e158a85fdfb4d63	-	ol8_aarch64_appstream
	httpd-filesystem-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.noarch.rpm	b16463bf70504139e605a0c89571e6f82ac89c36fec166d0aa322829da6e759d	-	ol8_aarch64_appstream
	httpd-manual-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.noarch.rpm	bae66e2a26052dde09ce5719eebe30b6092c5e6f6c4df84c5ff79521168682bc	-	ol8_aarch64_appstream
	httpd-tools-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpm	be3f389a540e7a5677bf2042b8e90e559e261d21435c156b9fc4a7f4cdba153b	-	ol8_aarch64_appstream
	mod_http2-1.11.3-3.module+el8.0.0+5348+de75177e.aarch64.rpm	e8f364e69e04dea60f15ee41fe0238796488b0a99230d31111bfcd43ccac79c4	-	ol8_aarch64_appstream
	mod_ldap-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpm	bab24498a5761673ba50ecb51943dc58f15978ca2fb5a41eab5029b94ea4a296	-	ol8_aarch64_appstream
	mod_md-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpm	f6bbcc952f8ec78027535019fffec7acfe586cc33fd9a0ce13b266568df882f0	-	ol8_aarch64_appstream
	mod_proxy_html-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpm	83e8aae7d1be468f2faca93a8c3cca39ae50eff2e88ec097e09c8731134c52f6	-	ol8_aarch64_appstream
	mod_session-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpm	4a56f02898cbc0ff91439efaf3e1882e30b1fdc55b9860808d7e93084c7b150c	-	ol8_aarch64_appstream
	mod_ssl-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.aarch64.rpm	2732eb674536085ec28f6363bc8c02a136d5a01fc101a986a32c7e2d585fedbe	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	httpd-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.src.rpm	7e4bb8888ad5cce92bc4d38f593a6627d9d2d7d0fa35ded7e795ac24665d76c2	-	ol8_x86_64_appstream
	mod_http2-1.11.3-3.module+el8.0.0+5348+de75177e.src.rpm	61a0d8428e2dca1699816992e414fb87562630f318abd855adc7a4a0477383d7	-	ol8_x86_64_appstream
	httpd-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpm	5f1a6e80b905ede571b2547583af0211085d1d5b7144cc6ee53c6dd10a385e34	-	ol8_x86_64_appstream
	httpd-devel-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpm	a405a07f62856329c66aca0b7cdd9218afdfd0b3aa6234bc16dc62ebfc89ad2f	-	ol8_x86_64_appstream
	httpd-filesystem-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.noarch.rpm	b16463bf70504139e605a0c89571e6f82ac89c36fec166d0aa322829da6e759d	-	ol8_x86_64_appstream
	httpd-manual-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.noarch.rpm	bae66e2a26052dde09ce5719eebe30b6092c5e6f6c4df84c5ff79521168682bc	-	ol8_x86_64_appstream
	httpd-tools-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpm	86bd2e3d1e080f3c521865691e658546f1ad0c5e3ce31406e52b405f607bec4d	-	ol8_x86_64_appstream
	mod_http2-1.11.3-3.module+el8.0.0+5348+de75177e.x86_64.rpm	25a9a3785f16bc25e862431bebfa61d2939cf4e86fe2558b68dc9f1742e614f1	-	ol8_x86_64_appstream
	mod_ldap-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpm	5e6b7ec1e9059aeec84d7eba6671ce03f1ec8012ed808ecfec49a3ee2f4d84b0	-	ol8_x86_64_appstream
	mod_md-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpm	925f687ffe96a7104623d032274e09f7a156074883e14e54e26c46fbe8d1af5f	-	ol8_x86_64_appstream
	mod_proxy_html-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpm	64f8c8d010c067e0e91dd98090dee7c81fc9dc4ef55dda18f08627972cb3ed66	-	ol8_x86_64_appstream
	mod_session-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpm	58fcd40a56570151dad6f3537fd108e4b1926f751aeb4b8ba320e049dcca63af	-	ol8_x86_64_appstream
	mod_ssl-2.4.37-12.0.1.module+el8.0.0+5348+de75177e.x86_64.rpm	777d1fbc01abbdd129896d264fc10747b1fdd210d786ab258ed3e8d8fab4cb54	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691