ELSA-2020-1121

ELSA-2020-1121 - httpd security, bug fix, and enhancement update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2020-04-06

Description

[2.4.6-93.0.1]
- replace index.html with Oracles index page oracle_index.html

[2.4.6-93]
- Resolves: #1677496 - CVE-2018-17199 httpd: mod_session_cookie does not respect
expiry time

[2.4.6-92]
- htpasswd: add SHA-2 crypt() support (#1486889)

[2.4.6-91]
- Resolves: #1630886 - scriptlet can fail if hostname is not installed
- Resolves: #1565465 - CVE-2017-15710 httpd: Out of bound write in
mod_authnz_ldap when using too small Accept-Language values
- Resolves: #1568298 - CVE-2018-1301 httpd: Out of bounds access after
failure in reading the HTTP request
- Resolves: #1673457 - Apache child process crashes because ScriptAliasMatch
directive
- Resolves: #1633152 - mod_session missing apr-util-openssl
- Resolves: #1649470 - httpd response contains garbage in Content-Type header
- Resolves: #1724034 - Unexpected OCSP in proxy SSL connection

Related CVEs

CVE-2018-1301

CVE-2017-15710

CVE-2018-17199

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 7 (aarch64)	httpd-2.4.6-93.0.1.el7.src.rpm	f32960cc3e147a636cd1c2868b1e57cf8725e0db0aa839f40dc39b11effe347f	ELSA-2024-7101	ol7_aarch64_latest
	httpd-2.4.6-93.0.1.el7.src.rpm	f32960cc3e147a636cd1c2868b1e57cf8725e0db0aa839f40dc39b11effe347f	ELSA-2024-7101	ol7_aarch64_optional_latest
	httpd-2.4.6-93.0.1.el7.src.rpm	f32960cc3e147a636cd1c2868b1e57cf8725e0db0aa839f40dc39b11effe347f	ELSA-2024-7101	ol7_aarch64_u8_base
	httpd-2.4.6-93.0.1.el7.aarch64.rpm	3f9f703d471d86b76ec19b434777fbf44b170b87cb4caf0c34984bf302007472	ELSA-2024-7101	ol7_aarch64_latest
	httpd-2.4.6-93.0.1.el7.aarch64.rpm	3f9f703d471d86b76ec19b434777fbf44b170b87cb4caf0c34984bf302007472	ELSA-2024-7101	ol7_aarch64_u8_base
	httpd-devel-2.4.6-93.0.1.el7.aarch64.rpm	514857d34b2d9770cf5ff9ab449dd80c271b7172862867e9ff8aa8675300dad9	ELSA-2024-7101	ol7_aarch64_latest
	httpd-devel-2.4.6-93.0.1.el7.aarch64.rpm	514857d34b2d9770cf5ff9ab449dd80c271b7172862867e9ff8aa8675300dad9	ELSA-2024-7101	ol7_aarch64_u8_base
	httpd-manual-2.4.6-93.0.1.el7.noarch.rpm	6253f4148280ca3e4139edad3ea3991123d56c2edc6ed7c3040110256f5e2b56	ELSA-2024-7101	ol7_aarch64_latest
	httpd-manual-2.4.6-93.0.1.el7.noarch.rpm	6253f4148280ca3e4139edad3ea3991123d56c2edc6ed7c3040110256f5e2b56	ELSA-2024-7101	ol7_aarch64_u8_base
	httpd-tools-2.4.6-93.0.1.el7.aarch64.rpm	b75fcb83cf15147875ed750a559eacac16d42477b4a8182b7bfca96385aeef14	ELSA-2024-7101	ol7_aarch64_latest
	httpd-tools-2.4.6-93.0.1.el7.aarch64.rpm	b75fcb83cf15147875ed750a559eacac16d42477b4a8182b7bfca96385aeef14	ELSA-2024-7101	ol7_aarch64_u8_base
	mod_ldap-2.4.6-93.0.1.el7.aarch64.rpm	49a9cc607f1a43d89d6236b223af90d266270c32145a348f0ee3b7b2295dad45	ELSA-2024-7101	ol7_aarch64_optional_latest
	mod_proxy_html-2.4.6-93.0.1.el7.aarch64.rpm	1a9e7c2257820268b07b10dea8a5de55b4458cbe12fadc32471086e6dba4d64c	ELSA-2024-7101	ol7_aarch64_optional_latest
	mod_session-2.4.6-93.0.1.el7.aarch64.rpm	afe5c8496f7a61c866aa92d0290992f943de6937b11af6a6cec099b477f5d510	ELSA-2024-7101	ol7_aarch64_latest
	mod_session-2.4.6-93.0.1.el7.aarch64.rpm	afe5c8496f7a61c866aa92d0290992f943de6937b11af6a6cec099b477f5d510	ELSA-2024-7101	ol7_aarch64_u8_base
	mod_ssl-2.4.6-93.0.1.el7.aarch64.rpm	e5610a51a8b4c3410535133f9b7146419989db934cfb8b37fd6ed06c716bae4f	ELSA-2024-7101	ol7_aarch64_latest
	mod_ssl-2.4.6-93.0.1.el7.aarch64.rpm	e5610a51a8b4c3410535133f9b7146419989db934cfb8b37fd6ed06c716bae4f	ELSA-2024-7101	ol7_aarch64_u8_base
Oracle Linux 7 (x86_64)	httpd-2.4.6-93.0.1.el7.src.rpm	f32960cc3e147a636cd1c2868b1e57cf8725e0db0aa839f40dc39b11effe347f	ELSA-2024-7101	ol7_x86_64_latest
	httpd-2.4.6-93.0.1.el7.src.rpm	f32960cc3e147a636cd1c2868b1e57cf8725e0db0aa839f40dc39b11effe347f	ELSA-2024-7101	ol7_x86_64_optional_latest
	httpd-2.4.6-93.0.1.el7.src.rpm	f32960cc3e147a636cd1c2868b1e57cf8725e0db0aa839f40dc39b11effe347f	ELSA-2024-7101	ol7_x86_64_u8_base
	httpd-2.4.6-93.0.1.el7.x86_64.rpm	4325233362100674cfea8044320ac83d6c29bb9f28990727de7b168e8e7f6a54	ELSA-2024-7101	ol7_x86_64_latest
	httpd-2.4.6-93.0.1.el7.x86_64.rpm	4325233362100674cfea8044320ac83d6c29bb9f28990727de7b168e8e7f6a54	ELSA-2024-7101	ol7_x86_64_u8_base
	httpd-devel-2.4.6-93.0.1.el7.x86_64.rpm	e9ceb33fe079f9881cb58c4e6ca3fd0b43748b04e525a0b53cf0793ed02a3fb8	ELSA-2024-7101	ol7_x86_64_latest
	httpd-devel-2.4.6-93.0.1.el7.x86_64.rpm	e9ceb33fe079f9881cb58c4e6ca3fd0b43748b04e525a0b53cf0793ed02a3fb8	ELSA-2024-7101	ol7_x86_64_u8_base
	httpd-manual-2.4.6-93.0.1.el7.noarch.rpm	6253f4148280ca3e4139edad3ea3991123d56c2edc6ed7c3040110256f5e2b56	ELSA-2024-7101	ol7_x86_64_latest
	httpd-manual-2.4.6-93.0.1.el7.noarch.rpm	6253f4148280ca3e4139edad3ea3991123d56c2edc6ed7c3040110256f5e2b56	ELSA-2024-7101	ol7_x86_64_u8_base
	httpd-tools-2.4.6-93.0.1.el7.x86_64.rpm	d422b3f9416ed0aa2bee3eb979cc297fb5b8ea7cf641c4a391c2ca5a6701f6b1	ELSA-2024-7101	ol7_x86_64_latest
	httpd-tools-2.4.6-93.0.1.el7.x86_64.rpm	d422b3f9416ed0aa2bee3eb979cc297fb5b8ea7cf641c4a391c2ca5a6701f6b1	ELSA-2024-7101	ol7_x86_64_u8_base
	mod_ldap-2.4.6-93.0.1.el7.x86_64.rpm	b50affde29b08e291475693546ab20f5114d94e51557e58154388affe6a25a8a	ELSA-2024-7101	ol7_x86_64_optional_latest
	mod_proxy_html-2.4.6-93.0.1.el7.x86_64.rpm	14eccf58a35df2bae3885198820e747e1de2238d42b9dccdc6eb7d9625a232fe	ELSA-2024-7101	ol7_x86_64_optional_latest
	mod_session-2.4.6-93.0.1.el7.x86_64.rpm	92203b2f9ec0da32f5c7b4f533dfb7ed9206901a9f9fa513c4de50798f6e6828	ELSA-2024-7101	ol7_x86_64_latest
	mod_session-2.4.6-93.0.1.el7.x86_64.rpm	92203b2f9ec0da32f5c7b4f533dfb7ed9206901a9f9fa513c4de50798f6e6828	ELSA-2024-7101	ol7_x86_64_u8_base
	mod_ssl-2.4.6-93.0.1.el7.x86_64.rpm	67676688adc208ced51b2d43333d60e1a2af18284127d7c0a38d3be6c07149a5	ELSA-2024-7101	ol7_x86_64_latest
	mod_ssl-2.4.6-93.0.1.el7.x86_64.rpm	67676688adc208ced51b2d43333d60e1a2af18284127d7c0a38d3be6c07149a5	ELSA-2024-7101	ol7_x86_64_u8_base

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team