ELSA-2021-1809 - httpd:2.4 security, bug fix, and enhancement update

Type: SECURITY
Impact: MODERATE
Release Date: 2021-05-25

Description


httpd
[2.4.37-39.0.1]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-39]
- prevent htcacheclean from while break when first file processed

[2.4.37-38]
- Resolves: #1918741 - Thousands of /tmp/modproxy.tmp.* files created by apache

[2.4.37-37]
- Resolves: #1883648 - [RFE] Update httpd directive SSLProxyMachineCertificateFile
to be able to handle certs without matching private key

[2.4.37-36]
- Resolves: #1896176 - [RFE] ProxyWebsocketIdleTimeout from httpd
mod_proxy_wstunnel
- Resolves: #1847585 - mod_ldap: High CPU usage at apr_ldap_rebind_remove()

[2.4.37-35]
- Resolves: #1651376 - centralizing default index.html for httpd

[2.4.37-33]
- Resolves: #1868608 - Intermittent Segfault in Apache httpd due to pool
concurrency issues
- Resolves: #1861380 - httpd/mod_proxy_http/mod_ssl aborted when sending
a client cert to backend server
- Resolves: #1680118 - unorderly connection close when client attempts
renegotiation

[2.4.37-31]
- Resolves: #1677590 - CVE-2018-17199 httpd:2.4/httpd: mod_session_cookie does
not respect expiry time
- Resolves: #1869075 - CVE-2020-11984 httpd:2.4/httpd: mod_proxy_uwsgi buffer
overflow
- Resolves: #1872828 - httpd: typo in htpasswd, contained in httpd-tools package
- Resolves: #1869576 - httpd: mod_proxy should allow to specify
Proxy-Authorization in ProxyRemote directive
- Resolves: #1875844 - mod_cgid takes CGIDScriptTimeout x 2 seconds for timeout
- Resolves: #1891829 - mod_proxy_hcheck doesn't perform checks when in
a balancer

mod_http2
[1.15.7-3]
- Resolves: #1869077 - CVE-2020-11993 httpd:2.4/mod_http2: httpd:
mod_http2 concurrent pool usage

mod_md
[1:2.0.8-8]
- Resolves: #1832844 - mod_md does not work with ACME server that does not
provide keyChange or revokeCert resources


Related CVEs


CVE-2020-11993
CVE-2018-17199
CVE-2020-11984

Updated Packages


Oracle Linux 8 (aarch64)
Channel Label: ol8_aarch64_appstream
Superseded By Advisory: -
- httpd-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.src.rpm
- mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpm
- mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.src.rpm
- httpd-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.aarch64.rpm
- httpd-devel-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.aarch64.rpm
- httpd-filesystem-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.noarch.rpm
- httpd-manual-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.noarch.rpm
- httpd-tools-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.aarch64.rpm
- mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.aarch64.rpm
- mod_ldap-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.aarch64.rpm
- mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.aarch64.rpm
- mod_proxy_html-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.aarch64.rpm
- mod_session-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.aarch64.rpm
- mod_ssl-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.aarch64.rpm

Oracle Linux 8 (x86_64)
Channel Label: ol8_x86_64_appstream
Superseded By Advisory: -
- httpd-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.src.rpm
- mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpm
- mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.src.rpm
- httpd-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.x86_64.rpm
- httpd-devel-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.x86_64.rpm
- httpd-filesystem-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.noarch.rpm
- httpd-manual-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.noarch.rpm
- httpd-tools-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.x86_64.rpm
- mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.x86_64.rpm
- mod_ldap-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.x86_64.rpm
- mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.x86_64.rpm
- mod_proxy_html-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.x86_64.rpm
- mod_session-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.x86_64.rpm
- mod_ssl-2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb.x86_64.rpm



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team.