ELSA-2021-4257

ELSA-2021-4257 - httpd:2.4 security, bug fix, and enhancement update

Type: SECURITY
Severity: MODERATE
Release Date: 2021-11-16

Description


httpd
[2.4.37-41.0.1]
- Add checks on the configured UDS path [Orabug: 33412270][CVE-2021-40438]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-41]
- Resolves: #1680111 - httpd sends reply to HTTPS GET using two TLS records
- Resolves: #1905613 - mod_ssl does not like valid certificate chain
- Resolves: #1935742 - [RFE] backport samesite/httponly/secure flags for usertrack
- Resolves: #1972500 - CVE-2021-30641 httpd:2.4/httpd: MergeSlashes regression
- Resolves: #1968307 - CVE-2021-26690 httpd:2.4/httpd: mod_session NULL pointer dereference in parser
- Resolves: #1934741 - Apache trademark update - new logo

[2.4.37-40]
- Resolves: #1952557 - mod_proxy_wstunnel.html is a malformed XML
- Resolves: #1937334 - SSLProtocol with based virtual hosts

mod_http2
[1.15.7-3]
- Resolves: #1869077 - CVE-2020-11993 httpd:2.4/mod_http2: httpd: mod_http2 concurrent pool usage

mod_md
[1:2.0.8-8]
- Resolves: #1832844 - mod_md does not work with ACME server that does not provide keyChange or revokeCert resources


Related CVEs


CVE-2021-26690
CVE-2021-30641

Updated Packages


Release/Architecture | Filename | MD5sum | Superseded By Advisory
Oracle Linux 8 (aarch64) | httpd-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.src.rpm | c8c6082818622f15af66ff770bf01c5b | -
Oracle Linux 8 (aarch64) | mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpm | e320fdccb7dc34b2dc9965af2f24d07b | -
Oracle Linux 8 (aarch64) | mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.src.rpm | 14a256c7954eaccd0c33deb8b19f4928 | -
Oracle Linux 8 (aarch64) | httpd-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.aarch64.rpm | 04c1e191e9f0ecea2a9ffae06dfba462 | -
Oracle Linux 8 (aarch64) | httpd-devel-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.aarch64.rpm | 41461ec6cc9d1128aa1d4d48b49ef7cb | -
Oracle Linux 8 (aarch64) | httpd-filesystem-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.noarch.rpm | 4db13548394efab5c0a3f8bc198806e4 | -
Oracle Linux 8 (aarch64) | httpd-manual-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.noarch.rpm | c10a27d6caac2df622563687dc4995b3 | -
Oracle Linux 8 (aarch64) | httpd-tools-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.aarch64.rpm | 11b541406ccde7dfafc41af5b6d9f34e | -
Oracle Linux 8 (aarch64) | mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.aarch64.rpm | c96f1ce00150115f21de9ae2b1292791 | -
Oracle Linux 8 (aarch64) | mod_ldap-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.aarch64.rpm | 7afc4aef843a8ce781dd0814e0101c1f | -
Oracle Linux 8 (aarch64) | mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.aarch64.rpm | ef9ada4ee3b92e532ee360897b872fd7 | -
Oracle Linux 8 (aarch64) | mod_proxy_html-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.aarch64.rpm | d7d10679e49784a94afa6ae057051f04 | -
Oracle Linux 8 (aarch64) | mod_session-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.aarch64.rpm | ecb1c082b8da37c81277e123f997ebcb | -
Oracle Linux 8 (aarch64) | mod_ssl-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.aarch64.rpm | 7f11a642e2ae5704fceb4097e9869692 | -
Oracle Linux 8 (x86_64) | httpd-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.src.rpm | c8c6082818622f15af66ff770bf01c5b | -
Oracle Linux 8 (x86_64) | mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpm | e320fdccb7dc34b2dc9965af2f24d07b | -
Oracle Linux 8 (x86_64) | mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.src.rpm | 14a256c7954eaccd0c33deb8b19f4928 | -
Oracle Linux 8 (x86_64) | httpd-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.x86_64.rpm | f97de6355d34124626f09e6ffd3ea74a | -
Oracle Linux 8 (x86_64) | httpd-devel-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.x86_64.rpm | 0c7401a569a3ff190b74515be7e10398 | -
Oracle Linux 8 (x86_64) | httpd-filesystem-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.noarch.rpm | 4db13548394efab5c0a3f8bc198806e4 | -
Oracle Linux 8 (x86_64) | httpd-manual-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.noarch.rpm | c10a27d6caac2df622563687dc4995b3 | -
Oracle Linux 8 (x86_64) | httpd-tools-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.x86_64.rpm | 15069cb4ae2cfbd6b7376b717517eccf | -
Oracle Linux 8 (x86_64) | mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.x86_64.rpm | 63cf91b96c95af5dcba2af37b59ba747 | -
Oracle Linux 8 (x86_64) | mod_ldap-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.x86_64.rpm | 3a95cc82db9a0ce6a3966a126b2719b6 | -
Oracle Linux 8 (x86_64) | mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.x86_64.rpm | 4281a45471c608328e2ecc8c05fc1e70 | -
Oracle Linux 8 (x86_64) | mod_proxy_html-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.x86_64.rpm | 1befd64a1cbdae0aea75d7ab8afcef4c | -
Oracle Linux 8 (x86_64) | mod_session-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.x86_64.rpm | 41b7afecf79ed7f5fe0fc0b8f1adbe20 | -
Oracle Linux 8 (x86_64) | mod_ssl-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.x86_64.rpm | 28328e34e8cd82ed3d3996cedb635cd3 | -



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.