ELSA-2020-3958

ELSA-2020-3958 - httpd security, bug fix, and enhancement update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2020-10-06

Description

[2.4.6-95.0.1]
- replace index.html with Oracles index page oracle_index.html

[2.4.6-95]
- Resolves: #1823262 - CVE-2020-1934 httpd: mod_proxy_ftp use of uninitialized
value

[2.4.6-94]
- Resolves: #1565491 - CVE-2017-15715 httpd: bypass with a trailing
newline in the file name
- Resolves: #1747283 - CVE-2019-10098 httpd: mod_rewrite potential open redirect
- Resolves: #1724879 - httpd terminates all SSL connections using an abortive
shutdown
- Resolves: #1715981 - Backport of SessionExpiryUpdateInterval directive
- Resolves: #1565457 - CVE-2018-1303 httpd: Out of bounds read in
mod_cache_socache can allow a remote attacker to cause a denial of service
- Resolves: #1566531 - CVE-2018-1283 httpd: Improper handling of headers in
mod_session can allow a remote user to modify session data for CGI applications

Related CVEs

CVE-2018-1303

CVE-2017-15715

CVE-2020-1934

CVE-2018-1283

CVE-2020-1927

CVE-2019-10098

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 7 (aarch64)	httpd-2.4.6-95.0.1.el7.src.rpm	afdfbc49127998f455765afd9a4168cfee8117383c0ac7c05e162fd19fb47589	ELSA-2024-7101	ol7_aarch64_latest
	httpd-2.4.6-95.0.1.el7.src.rpm	afdfbc49127998f455765afd9a4168cfee8117383c0ac7c05e162fd19fb47589	ELSA-2024-7101	ol7_aarch64_optional_latest
	httpd-2.4.6-95.0.1.el7.src.rpm	afdfbc49127998f455765afd9a4168cfee8117383c0ac7c05e162fd19fb47589	ELSA-2024-7101	ol7_aarch64_u9_base
	httpd-2.4.6-95.0.1.el7.aarch64.rpm	6622a2b7c9ce56bfef213b55fc4c1ee912104ee364ecca2cef3b2f6b2883c1d5	ELSA-2024-7101	ol7_aarch64_latest
	httpd-2.4.6-95.0.1.el7.aarch64.rpm	6622a2b7c9ce56bfef213b55fc4c1ee912104ee364ecca2cef3b2f6b2883c1d5	ELSA-2024-7101	ol7_aarch64_u9_base
	httpd-devel-2.4.6-95.0.1.el7.aarch64.rpm	15d2bd77f79739e6dcd5c2463d7ff8a2c2177b5a3f9e5d93c88f8cab9d0479b1	ELSA-2024-7101	ol7_aarch64_latest
	httpd-devel-2.4.6-95.0.1.el7.aarch64.rpm	15d2bd77f79739e6dcd5c2463d7ff8a2c2177b5a3f9e5d93c88f8cab9d0479b1	ELSA-2024-7101	ol7_aarch64_u9_base
	httpd-manual-2.4.6-95.0.1.el7.noarch.rpm	48ccc25ede2153d950aa55cc8960b407379ceaed42845b9b67e476187bc006c3	ELSA-2024-7101	ol7_aarch64_latest
	httpd-manual-2.4.6-95.0.1.el7.noarch.rpm	48ccc25ede2153d950aa55cc8960b407379ceaed42845b9b67e476187bc006c3	ELSA-2024-7101	ol7_aarch64_u9_base
	httpd-tools-2.4.6-95.0.1.el7.aarch64.rpm	ed8ba3800da0a24646084f890c8a6c8d7f6a0ff1654be9d6d7a80193e3d96579	ELSA-2024-7101	ol7_aarch64_latest
	httpd-tools-2.4.6-95.0.1.el7.aarch64.rpm	ed8ba3800da0a24646084f890c8a6c8d7f6a0ff1654be9d6d7a80193e3d96579	ELSA-2024-7101	ol7_aarch64_u9_base
	mod_ldap-2.4.6-95.0.1.el7.aarch64.rpm	cf9c55fb777206d816aeb04f89d5da395a23af243161baf0760d3944ce6fcc10	ELSA-2024-7101	ol7_aarch64_optional_latest
	mod_proxy_html-2.4.6-95.0.1.el7.aarch64.rpm	3e1adde3ae10272864dec4f046813002c82adad268c27ac834285f2c41af14eb	ELSA-2024-7101	ol7_aarch64_optional_latest
	mod_session-2.4.6-95.0.1.el7.aarch64.rpm	1cfb812536335fd39055a9ed060b204ede79ec9301602f60cd137e13188c1b5a	ELSA-2024-7101	ol7_aarch64_latest
	mod_session-2.4.6-95.0.1.el7.aarch64.rpm	1cfb812536335fd39055a9ed060b204ede79ec9301602f60cd137e13188c1b5a	ELSA-2024-7101	ol7_aarch64_u9_base
	mod_ssl-2.4.6-95.0.1.el7.aarch64.rpm	ac4d74883d97bf4f46a7d3e44a10e36e5e83f864a58e18664452979fef77e3d4	ELSA-2024-7101	ol7_aarch64_latest
	mod_ssl-2.4.6-95.0.1.el7.aarch64.rpm	ac4d74883d97bf4f46a7d3e44a10e36e5e83f864a58e18664452979fef77e3d4	ELSA-2024-7101	ol7_aarch64_u9_base
Oracle Linux 7 (x86_64)	httpd-2.4.6-95.0.1.el7.src.rpm	afdfbc49127998f455765afd9a4168cfee8117383c0ac7c05e162fd19fb47589	ELSA-2024-7101	ol7_x86_64_latest
	httpd-2.4.6-95.0.1.el7.src.rpm	afdfbc49127998f455765afd9a4168cfee8117383c0ac7c05e162fd19fb47589	ELSA-2024-7101	ol7_x86_64_optional_latest
	httpd-2.4.6-95.0.1.el7.src.rpm	afdfbc49127998f455765afd9a4168cfee8117383c0ac7c05e162fd19fb47589	ELSA-2024-7101	ol7_x86_64_u9_base
	httpd-2.4.6-95.0.1.el7.x86_64.rpm	8473104aa90740590597b024b4df46a4b5a7641c4d982d615d1b90c13bb7800a	ELSA-2024-7101	ol7_x86_64_latest
	httpd-2.4.6-95.0.1.el7.x86_64.rpm	8473104aa90740590597b024b4df46a4b5a7641c4d982d615d1b90c13bb7800a	ELSA-2024-7101	ol7_x86_64_u9_base
	httpd-devel-2.4.6-95.0.1.el7.x86_64.rpm	6659ab81f946c32bee96444cbd7b592d36664704d6ad5f7b8a820f87f5255d1b	ELSA-2024-7101	ol7_x86_64_latest
	httpd-devel-2.4.6-95.0.1.el7.x86_64.rpm	6659ab81f946c32bee96444cbd7b592d36664704d6ad5f7b8a820f87f5255d1b	ELSA-2024-7101	ol7_x86_64_u9_base
	httpd-manual-2.4.6-95.0.1.el7.noarch.rpm	48ccc25ede2153d950aa55cc8960b407379ceaed42845b9b67e476187bc006c3	ELSA-2024-7101	ol7_x86_64_latest
	httpd-manual-2.4.6-95.0.1.el7.noarch.rpm	48ccc25ede2153d950aa55cc8960b407379ceaed42845b9b67e476187bc006c3	ELSA-2024-7101	ol7_x86_64_u9_base
	httpd-tools-2.4.6-95.0.1.el7.x86_64.rpm	a6a065db71c786e769c4d8a4041ef78a1de159af6f65d3a28b8f921074ad2e1c	ELSA-2024-7101	ol7_x86_64_latest
	httpd-tools-2.4.6-95.0.1.el7.x86_64.rpm	a6a065db71c786e769c4d8a4041ef78a1de159af6f65d3a28b8f921074ad2e1c	ELSA-2024-7101	ol7_x86_64_u9_base
	mod_ldap-2.4.6-95.0.1.el7.x86_64.rpm	194ec97a7a737540feadef7b66269a04ea48c5e2ef65628311eabb4c5cc6577f	ELSA-2024-7101	ol7_x86_64_optional_latest
	mod_proxy_html-2.4.6-95.0.1.el7.x86_64.rpm	488e891552e1483d1aeea0c3ce9ae8e2b3586748a04c281eaeabd481c785fb3c	ELSA-2024-7101	ol7_x86_64_optional_latest
	mod_session-2.4.6-95.0.1.el7.x86_64.rpm	bf3ee5b74598c41ecd19c5adc904970dde809e0f8d5351ac4ddca4c97858c74e	ELSA-2024-7101	ol7_x86_64_latest
	mod_session-2.4.6-95.0.1.el7.x86_64.rpm	bf3ee5b74598c41ecd19c5adc904970dde809e0f8d5351ac4ddca4c97858c74e	ELSA-2024-7101	ol7_x86_64_u9_base
	mod_ssl-2.4.6-95.0.1.el7.x86_64.rpm	5870ae84146c9d980234ff10ab7479c837ce978acbfcebe0194de8a6ea0028d0	ELSA-2024-7101	ol7_x86_64_latest
	mod_ssl-2.4.6-95.0.1.el7.x86_64.rpm	5870ae84146c9d980234ff10ab7479c837ce978acbfcebe0194de8a6ea0028d0	ELSA-2024-7101	ol7_x86_64_u9_base

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team