ELSA-2021-1809

ELSA-2021-1809 - httpd:2.4 security, bug fix, and enhancement update

Type: SECURITY
Severity: MODERATE
Release Date: 2021-05-25

Description


httpd
[2.4.37-39.0.1]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-39]
- prevent htcacheclean from while break when first file processed

[2.4.37-38]
- Resolves: #1918741 - Thousands of /tmp/modproxy.tmp.* files created by apache

[2.4.37-37]
- Resolves: #1883648 - [RFE] Update httpd directive SSLProxyMachineCertificateFile
to be able to handle certs without matching private key

[2.4.37-36]
- Resolves: #1896176 - [RFE] ProxyWebsocketIdleTimeout from httpd
mod_proxy_wstunnel
- Resolves: #1847585 - mod_ldap: High CPU usage at apr_ldap_rebind_remove()

[2.4.37-35]
- Resolves: #1651376 - centralizing default index.html for httpd

[2.4.37-33]
- Resolves: #1868608 - Intermittent Segfault in Apache httpd due to pool
concurrency issues
- Resolves: #1861380 - httpd/mod_proxy_http/mod_ssl aborted when sending
a client cert to backend server
- Resolves: #1680118 - unorderly connection close when client attempts
renegotiation

[2.4.37-31]
- Resolves: #1677590 - CVE-2018-17199 httpd:2.4/httpd: mod_session_cookie does
not respect expiry time
- Resolves: #1869075 - CVE-2020-11984 httpd:2.4/httpd: mod_proxy_uwsgi buffer
overflow
- Resolves: #1872828 - httpd: typo in htpasswd, contained in httpd-tools package
- Resolves: #1869576 - httpd: mod_proxy should allow to specify
Proxy-Authorization in ProxyRemote directive
- Resolves: #1875844 - mod_cgid takes CGIDScriptTimeout x 2 seconds for timeout
- Resolves: #1891829 - mod_proxy_hcheck doesn't perform checks when in
a balancer

mod_http2
[1.15.7-3]
- Resolves: #1869077 - CVE-2020-11993 httpd:2.4/mod_http2: httpd:
mod_http2 concurrent pool usage

mod_md
[1:2.0.8-8]
- Resolves: #1832844 - mod_md does not work with ACME server that does not
provide keyChange or revokeCert resources


Related CVEs


CVE-2018-17199
CVE-2020-11984
CVE-2020-11993

Updated Packages


Oracle Linux 8 (aarch64)

Filename  MD5sum  Superseded By Advisory
httpd-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.src.rpm  2c981eac0929146e7abd3ca09a1be252  -
mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpm  e320fdccb7dc34b2dc9965af2f24d07b  -
mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.src.rpm  14a256c7954eaccd0c33deb8b19f4928  -
httpd-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.aarch64.rpm  2f5730263c75dd2e6496b289018b63d0  -
httpd-devel-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.aarch64.rpm  4c609f175f135e7d3ec4edfc3958792c  -
httpd-filesystem-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.noarch.rpm  6740653c178c250ede52a2ea2f12dbb5  -
httpd-manual-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.noarch.rpm  61c3acdfba3b6985ae6e8faa7a6496f8  -
httpd-tools-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.aarch64.rpm  6504ad3abfd135d5474bb75e53c64334  -
mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.aarch64.rpm  c96f1ce00150115f21de9ae2b1292791  -
mod_ldap-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.aarch64.rpm  943f462523b367946b024ccd7b90573b  -
mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.aarch64.rpm  ef9ada4ee3b92e532ee360897b872fd7  -
mod_proxy_html-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.aarch64.rpm  b73ca3b7afb8776ae34b0616ba9b1ac5  -
mod_session-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.aarch64.rpm  6ee3fc5fdf792bcd308f0e1076546947  -
mod_ssl-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.aarch64.rpm  dc5ffcd21cfa457f8ebf77877d9fb7cf  -

Oracle Linux 8 (x86_64)

Filename  MD5sum  Superseded By Advisory
httpd-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.src.rpm  2c981eac0929146e7abd3ca09a1be252  -
mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpm  e320fdccb7dc34b2dc9965af2f24d07b  -
mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.src.rpm  14a256c7954eaccd0c33deb8b19f4928  -
httpd-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.x86_64.rpm  c91ad62e84c8bed7512c3ffeb85b3ae1  -
httpd-devel-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.x86_64.rpm  8e0e25d4b1ef5b01c53f08d8a3bc4ad1  -
httpd-filesystem-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.noarch.rpm  6740653c178c250ede52a2ea2f12dbb5  -
httpd-manual-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.noarch.rpm  61c3acdfba3b6985ae6e8faa7a6496f8  -
httpd-tools-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.x86_64.rpm  c67333d4d2e000441c3294cc78daba52  -
mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.x86_64.rpm  63cf91b96c95af5dcba2af37b59ba747  -
mod_ldap-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.x86_64.rpm  6ce4450803d86459e51ca735243b9613  -
mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.x86_64.rpm  4281a45471c608328e2ecc8c05fc1e70  -
mod_proxy_html-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.x86_64.rpm  8dcf78eaffdce02a6b425366715b3e5a  -
mod_session-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.x86_64.rpm  5905de222242d63b8fc8e5f663dad27c  -
mod_ssl-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.x86_64.rpm  d30872294c96989fbf8e15520da132e1  -



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.