ELSA-2020-4751

ELSA-2020-4751 - httpd:2.4 security, bug fix, and enhancement update

Type: SECURITY
Severity: MODERATE
Release Date: 2020-11-10

Description


httpd
[2.4.37-13.0.1]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-30]
- Resolves: #1209162 - support logging to journald from CustomLog

[2.4.37-29]
- Resolves: #1823263 (CVE-2020-1934) - CVE-2020-1934 httpd: mod_proxy_ftp use of uninitialized value

[2.4.37-28]
- Related: #1771847 - BalancerMember ping parameter for mod_proxy_http doesn't work

[2.4.37-27]
- Resolves: #1823259 - CVE-2020-1927 httpd:2.4/httpd: mod_rewrite configurations vulnerable to open redirect
- Resolves: #1747284 - CVE-2019-10098 httpd:2.4/httpd: mod_rewrite potential open redirect
- Resolves: #1747281 - CVE-2019-10092 httpd:2.4/httpd: limited cross-site scripting in mod_proxy error page
- Resolves: #1747291 - CVE-2019-10097 httpd:2.4/httpd: null-pointer dereference in mod_remoteip
- Resolves: #1771847 - BalancerMember ping parameter for mod_proxy_http doesn't work
- Resolves: #1794728 - Backport of SessionExpiryUpdateInterval directive

mod_http2
[1.15.7-2]
- Resolves: #1869073 - CVE-2020-9490 httpd:2.4/mod_http2: httpd: Push diary crash on specifically crafted HTTP/2 header

[1.15.7-1]
- new version 1.15.7
- Resolves: #1814236 - RFE: mod_http2 rebase
- Resolves: #1747289 - CVE-2019-10082 httpd:2.4/mod_http2: httpd: read-after-free in h2 connection shutdown
- Resolves: #1696099 - CVE-2019-0197 httpd:2.4/mod_http2: httpd: mod_http2: possible crash on late upgrade
- Resolves: #1696094 - CVE-2019-0196 httpd:2.4/mod_http2: httpd: mod_http2: read-after-free on a string compare
- Resolves: #1677591 - CVE-2018-17189 httpd:2.4/mod_http2: httpd: mod_http2: DoS via slow, unneeded request bodies

mod_md
[1:2.0.8-8]
- Resolves: #1832844 - mod_md does not work with ACME server that does not provide keyChange or revokeCert resources


Related CVEs


CVE-2019-0196
CVE-2018-17189
CVE-2019-0197
CVE-2019-10081
CVE-2019-10082
CVE-2019-10092
CVE-2019-10097
CVE-2020-1927
CVE-2019-10098
CVE-2020-1934

Updated Packages


Release/Architecture: Oracle Linux 8 (aarch64)

Filename  MD5sum  Superseded By Advisory
httpd-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd.src.rpm  a204ebf530f59212676613ced0dac1a7  -
mod_http2-1.15.7-2.module+el8.3.0+7816+49791cfd.src.rpm  b7b2fceb25265038aa76f78447f5ca4f  -
mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.src.rpm  14a256c7954eaccd0c33deb8b19f4928  -
httpd-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd.aarch64.rpm  7f0d5b72cc0a44f6db0514c9de8158c1  -
httpd-devel-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd.aarch64.rpm  64229fd3c3cced25754467c432765170  -
httpd-filesystem-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd.noarch.rpm  1ee1b8d6c0febcef1de5203a0408135e  -
httpd-manual-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd.noarch.rpm  4d9e89ead8a21a7425050654186fd903  -
httpd-tools-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd.aarch64.rpm  c0af00d7596c8932e4622afb8bc295ce  -
mod_http2-1.15.7-2.module+el8.3.0+7816+49791cfd.aarch64.rpm  4590d9f1ac8c9f8830337f4576d644b8  -
mod_ldap-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd.aarch64.rpm  82b416fd1a8fcb36aea769c51af3fc95  -
mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.aarch64.rpm  ef9ada4ee3b92e532ee360897b872fd7  -
mod_proxy_html-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd.aarch64.rpm  a350251ab5277ccd4249f42c7048e336  -
mod_session-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd.aarch64.rpm  6a0a208b1491f123506cb80f0cc94e48  -
mod_ssl-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd.aarch64.rpm  3c12d3dd667f8180d9a43c7b001b91db  -

Release/Architecture: Oracle Linux 8 (x86_64)

Filename  MD5sum  Superseded By Advisory
httpd-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd.src.rpm  a204ebf530f59212676613ced0dac1a7  -
mod_http2-1.15.7-2.module+el8.3.0+7816+49791cfd.src.rpm  b7b2fceb25265038aa76f78447f5ca4f  -
mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.src.rpm  14a256c7954eaccd0c33deb8b19f4928  -
httpd-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd.x86_64.rpm  ad59aa38e8af586f3135e489f3094d53  -
httpd-devel-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd.x86_64.rpm  e81c9929e36305d9cae865cd2bc4fbbe  -
httpd-filesystem-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd.noarch.rpm  1ee1b8d6c0febcef1de5203a0408135e  -
httpd-manual-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd.noarch.rpm  4d9e89ead8a21a7425050654186fd903  -
httpd-tools-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd.x86_64.rpm  5f80247ab86e91d827fa963ea8c3ade1  -
mod_http2-1.15.7-2.module+el8.3.0+7816+49791cfd.x86_64.rpm  39bd382b4194bf3854109a5c7a05bcc4  -
mod_ldap-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd.x86_64.rpm  c0236a51d72459a76c6a721c9ba94eda  -
mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.x86_64.rpm  4281a45471c608328e2ecc8c05fc1e70  -
mod_proxy_html-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd.x86_64.rpm  7c4b5765ae95c34e92ef24fdf542e971  -
mod_session-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd.x86_64.rpm  40b17a00573b372c791e13ae70d3f68a  -
mod_ssl-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd.x86_64.rpm  d8dead01fff8223c051f270872e39f45  -



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.
