Stay Connected:

ELSA-2022-0258

ELSA-2022-0258 - httpd:2.4 security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2022-01-25

Description


httpd
[2.4.37-43.1.0.1]
- scoreboard: fix null pointer deference [Orabug: 33690670][CVE-2021-34798]
- fix ap_escape_quote logic [Orabug: 33690686][CVE-2021-39275]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html.

[2.4.37-43.1]
- Resolves: #2035062 - CVE-2021-44790 httpd:2.4/httpd: mod_lua: possible buffer
overflow when parsing multipart content

mod_http2
[1.15.7-3]
- Resolves: #1869077 - CVE-2020-11993 httpd:2.4/mod_http2: httpd:
mod_http2 concurrent pool usage


Related CVEs


CVE-2021-44790

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (aarch64) httpd-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.src.rpmcd9ad6fb2d49f317d15d6577c23b33ca-
mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpme320fdccb7dc34b2dc9965af2f24d07b-
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpmd4bbe6c1fcdd8f809bd286308de3a0bc-
httpd-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.aarch64.rpma58f36c60871eefa8852a5c5650efd74-
httpd-devel-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.aarch64.rpmdac51c96691228ee6a89e2db1a461491-
httpd-filesystem-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.noarch.rpmbd0580c97932ed3c6795df2ba8d5a59c-
httpd-manual-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.noarch.rpme02a8d1d90baf978b97b832638954307-
httpd-tools-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.aarch64.rpm0d96a11524f8d6be872802518f3f1e36-
mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.aarch64.rpmc96f1ce00150115f21de9ae2b1292791-
mod_ldap-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.aarch64.rpme33350972c0b0b697fc80dee0ed30f45-
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpmb349fe48e242e2c2ae5af10a13664a88-
mod_proxy_html-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.aarch64.rpmbbd5c0a749013887d6bc05d7bc45a9f5-
mod_session-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.aarch64.rpma34a73ceeef7671c34f333f7f60bdc13-
mod_ssl-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.aarch64.rpme1f439181c8ad7d6227e99467e8533c8-
Oracle Linux 8 (x86_64) httpd-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.src.rpmcd9ad6fb2d49f317d15d6577c23b33ca-
mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpme320fdccb7dc34b2dc9965af2f24d07b-
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpmd4bbe6c1fcdd8f809bd286308de3a0bc-
httpd-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpmf932b8eca9c77a8379c56ff7848839b4-
httpd-devel-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm11f2ae1fbb9f73c35a19a15bb9528b52-
httpd-filesystem-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.noarch.rpmbd0580c97932ed3c6795df2ba8d5a59c-
httpd-manual-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.noarch.rpme02a8d1d90baf978b97b832638954307-
httpd-tools-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm755d0ef6f9d23888c05faf43132d34e8-
mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.x86_64.rpm63cf91b96c95af5dcba2af37b59ba747-
mod_ldap-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm3907f58c67955dab73c8d9ff2598d394-
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm909f339e1848be0fc4ffe01e7edd7ccc-
mod_proxy_html-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm38ffe9de6ed163d9c1adeb851ebb59bb-
mod_session-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm0c8ef0aae99b9d55326c365cca264c70-
mod_ssl-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpmdbd2f1c1b3fad44779157c67d9c27587-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights