ELSA-2021-4257

ELSA-2021-4257 - httpd:2.4 security, bug fix, and enhancement update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2021-11-16

Description

httpd
[2.4.37-41.0.1]
- Add checks on the configured UDS path [Orabug: 33412270][CVE-2021-40438]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracles index page oracle_index.html

[2.4.37-41]
- Resolves: #1680111 - httpd sends reply to HTTPS GET using two TLS records
- Resolves: #1905613 - mod_ssl does not like valid certificate chain
- Resolves: #1935742 - [RFE] backport samesite/httponly/secure flags for
usertrack
- Resolves: #1972500 - CVE-2021-30641 httpd:2.4/httpd: MergeSlashes regression
- Resolves: #1968307 - CVE-2021-26690 httpd:2.4/httpd: mod_session NULL pointer
dereference in parser
- Resolves: #1934741 - Apache trademark update - new logo

[2.4.37-40]
- Resolves: #1952557 - mod_proxy_wstunnel.html is a malformed XML
- Resolves: #1937334 - SSLProtocol with based virtual hosts

mod_http2
[1.15.7-3]
- Resolves: #1869077 - CVE-2020-11993 httpd:2.4/mod_http2: httpd:
mod_http2 concurrent pool usage

mod_md
[1:2.0.8-8]
- Resolves: #1832844 - mod_md does not work with ACME server that does not
provide keyChange or revokeCert resources

Related CVEs

CVE-2021-30641

CVE-2021-26690

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 8 (aarch64)	httpd-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.src.rpm	6aa23a520aea7dd696f940b3c8e7709a394ffd67bd4e69270a85747ada12cdf7	-	ol8_aarch64_appstream
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpm	a825aa32e247302cfffb427b8ceaf978d4e2f1d294d7f523d6ea1aadb124bf2d	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.src.rpm	964586d1cb6f8a232b71f89b8f82f4970b2c0e1c1300d1fac8d7a902dfe879cb	-	ol8_aarch64_appstream
	httpd-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.aarch64.rpm	656d046d10c48464918c088b41d9507e6753139800de97467ee3b4a205a33152	-	ol8_aarch64_appstream
	httpd-devel-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.aarch64.rpm	6c5faccec07f10bc561067f93e6fa46d49e38dd474e5a3c83d786321194a8bff	-	ol8_aarch64_appstream
	httpd-filesystem-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.noarch.rpm	98c98e47c0e0ffc0645546822be0f04a187bfe30c4c53db3f60e29cb52a65504	-	ol8_aarch64_appstream
	httpd-manual-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.noarch.rpm	1bf0a83e5f7d2c645340533824758f9d5e53959cc7af9e780cc32583b033b8e6	-	ol8_aarch64_appstream
	httpd-tools-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.aarch64.rpm	f827c28221a9632d18e09d309651f9119a16f010003d626a367355186272063f	-	ol8_aarch64_appstream
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.aarch64.rpm	48c211ad4477b6c8230e9683533f757a3549be1d1e25f509cdfce3a8d2f318b6	-	ol8_aarch64_appstream
	mod_ldap-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.aarch64.rpm	8cfedc00c5ad1423f7d1761e8185312ac26f68ee2eef1f064fdf814fc1c6653a	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.aarch64.rpm	59828ad0b80a3834a86568cf0b9789c1f921dfc22ea814250ce6846afb30ba5f	-	ol8_aarch64_appstream
	mod_proxy_html-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.aarch64.rpm	db700e5bb350ed5c79df4841c8b88797166f42ee381c1cb9f1b4c5974ee62ff7	-	ol8_aarch64_appstream
	mod_session-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.aarch64.rpm	957a6d475885d23e8768041486cf7340ea4713295825a998c08572eef8bd0894	-	ol8_aarch64_appstream
	mod_ssl-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.aarch64.rpm	b7413affdf53ec278f514bfc5fbb76e28a37aac5f6a2c6a40d43b837b18b61cf	-	ol8_aarch64_appstream
Oracle Linux 8 (x86_64)	httpd-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.src.rpm	6aa23a520aea7dd696f940b3c8e7709a394ffd67bd4e69270a85747ada12cdf7	-	ol8_x86_64_appstream
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpm	a825aa32e247302cfffb427b8ceaf978d4e2f1d294d7f523d6ea1aadb124bf2d	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.src.rpm	964586d1cb6f8a232b71f89b8f82f4970b2c0e1c1300d1fac8d7a902dfe879cb	-	ol8_x86_64_appstream
	httpd-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.x86_64.rpm	5e4b5e2eaab8049d32a4d7f029bfc564a02a704b037ceaba41d7c993f255c4d7	-	ol8_x86_64_appstream
	httpd-devel-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.x86_64.rpm	ca509b601dee20cba59d7134f05876601118d722b1f0dadd4ba4e7a5d91d2c4a	-	ol8_x86_64_appstream
	httpd-filesystem-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.noarch.rpm	98c98e47c0e0ffc0645546822be0f04a187bfe30c4c53db3f60e29cb52a65504	-	ol8_x86_64_appstream
	httpd-manual-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.noarch.rpm	1bf0a83e5f7d2c645340533824758f9d5e53959cc7af9e780cc32583b033b8e6	-	ol8_x86_64_appstream
	httpd-tools-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.x86_64.rpm	80e0c2c1db2ec9ef0dd08440ff99fea1a669958bf6439dca184f316b4b6150d8	-	ol8_x86_64_appstream
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.x86_64.rpm	2aaaad69193253ef2e42e24a199ca542ce5a5958773ab46180b297744cfa4706	-	ol8_x86_64_appstream
	mod_ldap-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.x86_64.rpm	b48f0cef35c2ea4761e5179233beb0747f5ceec59be12594355f12f2ebe376f1	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.x86_64.rpm	145c47237014a0d3b92273ad9863060c4dde48fd83ccdc814e191954d78ebe22	-	ol8_x86_64_appstream
	mod_proxy_html-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.x86_64.rpm	a8553c9f7f7dd4d42ef3fcc54ee0e1532e3720b025527e286ebe895f5ec2d42f	-	ol8_x86_64_appstream
	mod_session-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.x86_64.rpm	57d35d6a14e4f7342458230f4957994b27c9524f6849a632dc883ada7bf5b46a	-	ol8_x86_64_appstream
	mod_ssl-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.x86_64.rpm	48dc1e57944413a0886c6b4eaff92dc9fcfe14ecab41884fa546bd39c3728244	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team