ELSA-2022-0891

ULN >
Oracle Linux Errata repository >
ELSA-2022-0891

ELSA-2022-0891 - httpd:2.4 security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2022-03-16

Description

httpd
[2.4.37-43.0.2.2]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-43.2]
- Resolves: #2059256 - CVE-2021-34798 httpd:2.4/httpd: NULL pointer dereference
via malformed requests
- Resolves: #2059257 - CVE-2021-39275 httpd:2.4/httpd: out-of-bounds write in
ap_escape_quotes() via malicious input

Related CVEs

CVE-2021-34798

CVE-2021-39275

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	httpd-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.src.rpm	476640ff82c91709b5477084450be946b2ef7c3e570f4b5daa135cae980af68c	-	ol8_aarch64_appstream
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpm	a825aa32e247302cfffb427b8ceaf978d4e2f1d294d7f523d6ea1aadb124bf2d	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	77cb415f475a17a3208416ca7974c44f69ff0f2e2b6f5efcadb167d625b8f69b	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	77cb415f475a17a3208416ca7974c44f69ff0f2e2b6f5efcadb167d625b8f69b	-	ol8_aarch64_appstream_developer
	httpd-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.aarch64.rpm	41445ff9489d8a0aa9369518985141e92c3b65739d3a1e3f547b4230458bf508	-	ol8_aarch64_appstream
	httpd-devel-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.aarch64.rpm	08dcf1e56e7bf4e12c06e062af9415d38f7e3c4909ccfbfc5e09e155832b77a7	-	ol8_aarch64_appstream
	httpd-filesystem-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.noarch.rpm	4923529f536a6ed3809972cc94b720f1a732b809c5ff0206d3af7ea12128390d	-	ol8_aarch64_appstream
	httpd-manual-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.noarch.rpm	a6bf92d4d7e6b6543b465a0b9441eed22bf6611644ba43b7d4c87a487c4fd255	-	ol8_aarch64_appstream
	httpd-tools-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.aarch64.rpm	7f5fecc6e701f4811376bfe367c563aea54f6a157a42d1b6593c47842e6e3a67	-	ol8_aarch64_appstream
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.aarch64.rpm	48c211ad4477b6c8230e9683533f757a3549be1d1e25f509cdfce3a8d2f318b6	-	ol8_aarch64_appstream
	mod_ldap-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.aarch64.rpm	ee314f67ddd38d5591732adc5e2c9054f810c6ad805c3e647076763aa35b114a	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpm	97c8600bacc26dbeba30ce5cf83654348b37390c4c585336a03ea5d6c6417484	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpm	97c8600bacc26dbeba30ce5cf83654348b37390c4c585336a03ea5d6c6417484	-	ol8_aarch64_appstream_developer
	mod_proxy_html-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.aarch64.rpm	ea3754d6c93687fe9f4f22672e6bcd46a6e14db62a2dc80ae47de0ce5a666f3a	-	ol8_aarch64_appstream
	mod_session-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.aarch64.rpm	9cfe10c2cd1548391b59af176c2303bc9426e8789968bfcb969480b1387d5563	-	ol8_aarch64_appstream
	mod_ssl-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.aarch64.rpm	b189aac55fb901adfa4a5d6d59b5889fcfad4fe17481716107dd6364e73835df	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	httpd-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.src.rpm	476640ff82c91709b5477084450be946b2ef7c3e570f4b5daa135cae980af68c	-	ol8_x86_64_appstream
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpm	a825aa32e247302cfffb427b8ceaf978d4e2f1d294d7f523d6ea1aadb124bf2d	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	77cb415f475a17a3208416ca7974c44f69ff0f2e2b6f5efcadb167d625b8f69b	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	77cb415f475a17a3208416ca7974c44f69ff0f2e2b6f5efcadb167d625b8f69b	-	ol8_x86_64_appstream_developer
	httpd-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.x86_64.rpm	e6bf0e22971e9069fd57ab85f5f3e07d6a1f0d0a3accd3d6607bc0ab66d2c25b	-	ol8_x86_64_appstream
	httpd-devel-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.x86_64.rpm	5729cb0360a76e6cac7289d6f6b80fcb5d87b35200e2cacdbcf18fd65b5ce337	-	ol8_x86_64_appstream
	httpd-filesystem-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.noarch.rpm	4923529f536a6ed3809972cc94b720f1a732b809c5ff0206d3af7ea12128390d	-	ol8_x86_64_appstream
	httpd-manual-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.noarch.rpm	a6bf92d4d7e6b6543b465a0b9441eed22bf6611644ba43b7d4c87a487c4fd255	-	ol8_x86_64_appstream
	httpd-tools-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.x86_64.rpm	9e91376315ded186141c4ed1e6bdbac0695ac05187a8c1e852c4fae9316b0d2c	-	ol8_x86_64_appstream
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.x86_64.rpm	2aaaad69193253ef2e42e24a199ca542ce5a5958773ab46180b297744cfa4706	-	ol8_x86_64_appstream
	mod_ldap-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.x86_64.rpm	63db382337bda515854985bfbd61d19428cc7026bc3fc5a7418a49233f0cfc3e	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm	b82d8f3ba74d9b384ac1f3557beac8bdc03cdcce1f34b6d3f87251acd182b9fb	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm	b82d8f3ba74d9b384ac1f3557beac8bdc03cdcce1f34b6d3f87251acd182b9fb	-	ol8_x86_64_appstream_developer
	mod_proxy_html-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.x86_64.rpm	d02787cb78a6f2617aff2b5dc079edf2b2e31e5836b8f7ffad3b74c537fddb97	-	ol8_x86_64_appstream
	mod_session-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.x86_64.rpm	3d899495e9ed18f2738c8cefd356c7509f1a0ea9bb20ea1b3b6f030d58a8e81d	-	ol8_x86_64_appstream
	mod_ssl-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.x86_64.rpm	51cfaffda6aad7e8ed6c75b92dff2cca34877f497a8569fcc5a5998e4ab241d6	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691