ELSA-2021-3816

ULN >
Oracle Linux Errata repository >
ELSA-2021-3816

ELSA-2021-3816 - httpd:2.4 security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2021-10-13

Description

httpd
[2.4.37-39.1.0.1.1]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-39.1]
- Resolves: #2007234 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via
a crafted request uri-path
- Resolves: #2007646 - CVE-2021-26691 httpd:2.4/httpd: Heap overflow in
mod_session

Related CVEs

CVE-2021-26691

CVE-2021-40438

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 8 (aarch64)	httpd-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.src.rpm	e4fe8b5bc4488955004afb92fc3889e3	-
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpm	e320fdccb7dc34b2dc9965af2f24d07b	-
	mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.src.rpm	14a256c7954eaccd0c33deb8b19f4928	-
	httpd-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.aarch64.rpm	c81d5f7afdb3232bbbe7bb71ddbc402c	-
	httpd-devel-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.aarch64.rpm	ebf4a962bb7c3a7138c665063b08c2a0	-
	httpd-filesystem-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.noarch.rpm	c8b12934ff948c59f03cb4ed9a7a76e0	-
	httpd-manual-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.noarch.rpm	aacffc99b46801f605f7c41989e563fb	-
	httpd-tools-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.aarch64.rpm	d45c382577f7799a2b94c4ed01673490	-
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.aarch64.rpm	c96f1ce00150115f21de9ae2b1292791	-
	mod_ldap-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.aarch64.rpm	8445662dd5203307e442d6792c823496	-
	mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.aarch64.rpm	ef9ada4ee3b92e532ee360897b872fd7	-
	mod_proxy_html-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.aarch64.rpm	414dcafda353aec6bfade3512e7413b1	-
	mod_session-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.aarch64.rpm	ce5a56c0d36832fa3bbade742960b314	-
	mod_ssl-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.aarch64.rpm	8df74597e4c3ab7a85a90bcca110b86d	-

Oracle Linux 8 (x86_64)	httpd-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.src.rpm	e4fe8b5bc4488955004afb92fc3889e3	-
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpm	e320fdccb7dc34b2dc9965af2f24d07b	-
	mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.src.rpm	14a256c7954eaccd0c33deb8b19f4928	-
	httpd-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.x86_64.rpm	33fe23044e5470d22efed7127664c044	-
	httpd-devel-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.x86_64.rpm	aa84fd9000ed86592b24e6887da3d641	-
	httpd-filesystem-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.noarch.rpm	c8b12934ff948c59f03cb4ed9a7a76e0	-
	httpd-manual-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.noarch.rpm	aacffc99b46801f605f7c41989e563fb	-
	httpd-tools-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.x86_64.rpm	8f9e2468093f1554a96a098828f899e9	-
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.x86_64.rpm	63cf91b96c95af5dcba2af37b59ba747	-
	mod_ldap-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.x86_64.rpm	b831f1b29fee064030758c52b14a3fcc	-
	mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.x86_64.rpm	4281a45471c608328e2ecc8c05fc1e70	-
	mod_proxy_html-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.x86_64.rpm	e8c5a052d01bca3d864b9850168a7868	-
	mod_session-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.x86_64.rpm	d75a2fea53f528b1b4d85095febb8cfc	-
	mod_ssl-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.x86_64.rpm	c274499f119415a7d0f384a30240d841	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691