ELSA-2021-4537 - httpd:2.4 security update

Type: SECURITY
Severity: IMPORTANT
Release Date: 2021-11-18

Description


httpd
[2.4.37-43.0.1]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html.

[2.4.37-43]
- Related: #2007235 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via a crafted request uri-path

[2.4.37-42]
- Resolves: #2007235 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via a crafted request uri-path
- Resolves: #2014063 - CVE-2021-26691 httpd:2.4/httpd: Heap overflow in mod_session

[2.4.37-41]
- Resolves: #1680111 - httpd sends reply to HTTPS GET using two TLS records
- Resolves: #1905613 - mod_ssl does not like valid certificate chain
- Resolves: #1935742 - [RFE] backport samesite/httponly/secure flags for usertrack
- Resolves: #1972500 - CVE-2021-30641 httpd:2.4/httpd: MergeSlashes regression
- Resolves: #1968307 - CVE-2021-26690 httpd:2.4/httpd: mod_session NULL pointer dereference in parser
- Resolves: #1934741 - Apache trademark update - new logo

[2.4.37-40]
- Resolves: #1952557 - mod_proxy_wstunnel.html is a malformed XML
- Resolves: #1937334 - SSLProtocol with based virtual hosts

mod_http2
[1.15.7-3]
- Resolves: #1869077 - CVE-2020-11993 httpd:2.4/mod_http2: httpd: mod_http2 concurrent pool usage

mod_md
[1:2.0.8-8]
- Resolves: #1832844 - mod_md does not work with ACME server that does not provide keyChange or revokeCert resources


Related CVEs


CVE-2021-20325

Updated Packages


Release/Architecture: Oracle Linux 8 (aarch64)

Filename  MD5sum  Superseded By Advisory
httpd-2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9.src.rpm  cde083306b1e548e361722b656f41bc4  -
mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpm  e320fdccb7dc34b2dc9965af2f24d07b  -
mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.src.rpm  14a256c7954eaccd0c33deb8b19f4928  -
httpd-2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9.aarch64.rpm  4e9d55f5898a7b954041e80198c026e9  -
httpd-devel-2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9.aarch64.rpm  db557a71379fdd567086e202a33edf4e  -
httpd-filesystem-2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9.noarch.rpm  db5a3dd85bf02683d87985e92d0c00bb  -
httpd-manual-2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9.noarch.rpm  20b40d9d385e5cf02b511c7e5e0c0ff0  -
httpd-tools-2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9.aarch64.rpm  1ea500264ddc10f62fa0dafe324baa04  -
mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.aarch64.rpm  c96f1ce00150115f21de9ae2b1292791  -
mod_ldap-2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9.aarch64.rpm  5cfc90cebdc3522a99b625cf3561f544  -
mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.aarch64.rpm  ef9ada4ee3b92e532ee360897b872fd7  -
mod_proxy_html-2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9.aarch64.rpm  ef37aa4c906f906ec305ce199510526c  -
mod_session-2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9.aarch64.rpm  1b99c07184cab0e194c0b4c155d99815  -
mod_ssl-2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9.aarch64.rpm  1304fad05a8cda1c9af38232ecbdb072  -

Release/Architecture: Oracle Linux 8 (x86_64)

Filename  MD5sum  Superseded By Advisory
httpd-2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9.src.rpm  cde083306b1e548e361722b656f41bc4  -
mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpm  e320fdccb7dc34b2dc9965af2f24d07b  -
mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.src.rpm  14a256c7954eaccd0c33deb8b19f4928  -
httpd-2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9.x86_64.rpm  1e210638d9c78284f3a770764052a16a  -
httpd-devel-2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9.x86_64.rpm  2c4b75d60adfd158b097f958b5350a06  -
httpd-filesystem-2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9.noarch.rpm  db5a3dd85bf02683d87985e92d0c00bb  -
httpd-manual-2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9.noarch.rpm  20b40d9d385e5cf02b511c7e5e0c0ff0  -
httpd-tools-2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9.x86_64.rpm  45fc5e89dc6c89a64b79873ff57bde8a  -
mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.x86_64.rpm  63cf91b96c95af5dcba2af37b59ba747  -
mod_ldap-2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9.x86_64.rpm  ab228f6a0eaafb812653d41a6b80aa20  -
mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.x86_64.rpm  4281a45471c608328e2ecc8c05fc1e70  -
mod_proxy_html-2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9.x86_64.rpm  73abe708691492b8e0d2d15eaec4ca05  -
mod_session-2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9.x86_64.rpm  9278c3e715564556233da13f556dcfea  -
mod_ssl-2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9.x86_64.rpm  a686feb89755b8f19f0047063152c729  -



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team