ELSA-2022-0258

ULN >
Oracle Linux Errata repository >
ELSA-2022-0258

ELSA-2022-0258 - httpd:2.4 security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2022-01-25

Description

httpd
[2.4.37-43.1.0.1]
- scoreboard: fix null pointer deference [Orabug: 33690670][CVE-2021-34798]
- fix ap_escape_quote logic [Orabug: 33690686][CVE-2021-39275]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html.

[2.4.37-43.1]
- Resolves: #2035062 - CVE-2021-44790 httpd:2.4/httpd: mod_lua: possible buffer
overflow when parsing multipart content

mod_http2
[1.15.7-3]
- Resolves: #1869077 - CVE-2020-11993 httpd:2.4/mod_http2: httpd:
mod_http2 concurrent pool usage

Related CVEs

CVE-2021-44790

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	httpd-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.src.rpm	69264703aec893004f5e2a785a225589c76c55783bbb173df079dbc90fa850e4	-	ol8_aarch64_appstream
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpm	a825aa32e247302cfffb427b8ceaf978d4e2f1d294d7f523d6ea1aadb124bf2d	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	77cb415f475a17a3208416ca7974c44f69ff0f2e2b6f5efcadb167d625b8f69b	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	77cb415f475a17a3208416ca7974c44f69ff0f2e2b6f5efcadb167d625b8f69b	-	ol8_aarch64_appstream_developer
	httpd-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.aarch64.rpm	d25b7406d48a8277641f45129142ccee88d6d5ce9025cce444c9918f88cd528f	-	ol8_aarch64_appstream
	httpd-devel-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.aarch64.rpm	606106689685c0c057a174c9bb35322cc62ac0306ea8d02e23e9a503c15be9b9	-	ol8_aarch64_appstream
	httpd-filesystem-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.noarch.rpm	7b636eb71078b8276544383769d6e2c8963d376667fcef2dc506c2c87999b9fc	-	ol8_aarch64_appstream
	httpd-manual-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.noarch.rpm	5904f4135a8e2b001600b7e84c588c714b3f3dc539a1e0fee66e695da0b00fc4	-	ol8_aarch64_appstream
	httpd-tools-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.aarch64.rpm	826dfe5760ca7f068741e637b5865b020ee2a291d2e660f5fe2c28a3af6edd40	-	ol8_aarch64_appstream
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.aarch64.rpm	48c211ad4477b6c8230e9683533f757a3549be1d1e25f509cdfce3a8d2f318b6	-	ol8_aarch64_appstream
	mod_ldap-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.aarch64.rpm	a7ed5f7b37510f6d1d476763bd7ea7b32fbe18dcbf40dfe5309a6f507b877ac1	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpm	97c8600bacc26dbeba30ce5cf83654348b37390c4c585336a03ea5d6c6417484	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpm	97c8600bacc26dbeba30ce5cf83654348b37390c4c585336a03ea5d6c6417484	-	ol8_aarch64_appstream_developer
	mod_proxy_html-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.aarch64.rpm	af30d9a5c0a5c6cae72443af50fdbfbff16aebaab4df1f2ed921e7067a43083b	-	ol8_aarch64_appstream
	mod_session-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.aarch64.rpm	23e04df20f0032175be80f6c56fcae473db7ade4a69f47d18cba4e877f217833	-	ol8_aarch64_appstream
	mod_ssl-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.aarch64.rpm	5b61c03f2b864db7fa9f8211395be27a8186fd8e8c01932d8fa1877e4e98df56	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	httpd-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.src.rpm	69264703aec893004f5e2a785a225589c76c55783bbb173df079dbc90fa850e4	-	ol8_x86_64_appstream
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpm	a825aa32e247302cfffb427b8ceaf978d4e2f1d294d7f523d6ea1aadb124bf2d	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	77cb415f475a17a3208416ca7974c44f69ff0f2e2b6f5efcadb167d625b8f69b	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	77cb415f475a17a3208416ca7974c44f69ff0f2e2b6f5efcadb167d625b8f69b	-	ol8_x86_64_appstream_developer
	httpd-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm	ba20aaa7644d155f1c78c374dad1f63741efb25823097f79662be8a5ffec6b0b	-	ol8_x86_64_appstream
	httpd-devel-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm	5a7954761b8326cc635b29e7630548f5b89b516cdfbd1cb80ae5b3d449d9aaf2	-	ol8_x86_64_appstream
	httpd-filesystem-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.noarch.rpm	7b636eb71078b8276544383769d6e2c8963d376667fcef2dc506c2c87999b9fc	-	ol8_x86_64_appstream
	httpd-manual-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.noarch.rpm	5904f4135a8e2b001600b7e84c588c714b3f3dc539a1e0fee66e695da0b00fc4	-	ol8_x86_64_appstream
	httpd-tools-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm	cfd2483f876857c00c2f2e57a37517b3b07cb7a8b8afb9799436ac342c33318e	-	ol8_x86_64_appstream
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.x86_64.rpm	2aaaad69193253ef2e42e24a199ca542ce5a5958773ab46180b297744cfa4706	-	ol8_x86_64_appstream
	mod_ldap-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm	87b8df9a3735cc6e39c3a298133069f794a8b5a3827d49a4e6bc401e076eeea3	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm	b82d8f3ba74d9b384ac1f3557beac8bdc03cdcce1f34b6d3f87251acd182b9fb	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm	b82d8f3ba74d9b384ac1f3557beac8bdc03cdcce1f34b6d3f87251acd182b9fb	-	ol8_x86_64_appstream_developer
	mod_proxy_html-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm	bed210d6d36a9c4446eb33257da92310435c4407339e5092b3e4f0d929855269	-	ol8_x86_64_appstream
	mod_session-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm	095ea0aedd3495f047429c40efb3ecd2c254de5324c756c741756b540a7ae5fe	-	ol8_x86_64_appstream
	mod_ssl-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm	5520c5d214c8a26ffe26aeb7f94bfcd84a560a35c1b50bba5c477d75eb98aa35	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691