ELSA-2022-0891

ULN >
Oracle Linux Errata repository >
ELSA-2022-0891

ELSA-2022-0891 - httpd:2.4 security update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2022-03-16

Description

httpd
[2.4.37-43.0.2.2]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-43.2]
- Resolves: #2059256 - CVE-2021-34798 httpd:2.4/httpd: NULL pointer dereference
via malformed requests
- Resolves: #2059257 - CVE-2021-39275 httpd:2.4/httpd: out-of-bounds write in
ap_escape_quotes() via malicious input

Related CVEs

CVE-2021-34798

CVE-2021-39275

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 8 (aarch64)	httpd-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.src.rpm	bef71a1babfb1bcde6ba3dc63453c401	-
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpm	e320fdccb7dc34b2dc9965af2f24d07b	-
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	d4bbe6c1fcdd8f809bd286308de3a0bc	-
	httpd-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.aarch64.rpm	a06bf8b55fd1221b94880b4c2204b64d	-
	httpd-devel-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.aarch64.rpm	0c5cf00ff39f3c4bb5454503e95632e0	-
	httpd-filesystem-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.noarch.rpm	80c3b2f737eab21e17fd5a6b69f01c8a	-
	httpd-manual-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.noarch.rpm	3f1576c24a5d4ed949561343a7ef5f72	-
	httpd-tools-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.aarch64.rpm	87140d31bf31f64bab3f320bab1a4b4a	-
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.aarch64.rpm	c96f1ce00150115f21de9ae2b1292791	-
	mod_ldap-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.aarch64.rpm	b20046b3fc0687401da01a1929e468a3	-
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpm	b349fe48e242e2c2ae5af10a13664a88	-
	mod_proxy_html-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.aarch64.rpm	dc84f0dd472d39962a450d369d9309a6	-
	mod_session-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.aarch64.rpm	b6a216286a0cdc7f269e54decc4ead5e	-
	mod_ssl-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.aarch64.rpm	4222c83dcef66c1677f2ed976f3a3b57	-

Oracle Linux 8 (x86_64)	httpd-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.src.rpm	bef71a1babfb1bcde6ba3dc63453c401	-
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpm	e320fdccb7dc34b2dc9965af2f24d07b	-
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	d4bbe6c1fcdd8f809bd286308de3a0bc	-
	httpd-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.x86_64.rpm	136bcc8a028e3ab7c9d28001d22adb3a	-
	httpd-devel-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.x86_64.rpm	1b74bf1ed48e0647cb94859f073b1443	-
	httpd-filesystem-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.noarch.rpm	80c3b2f737eab21e17fd5a6b69f01c8a	-
	httpd-manual-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.noarch.rpm	3f1576c24a5d4ed949561343a7ef5f72	-
	httpd-tools-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.x86_64.rpm	078828568900cfcc840c11450506f240	-
	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.x86_64.rpm	63cf91b96c95af5dcba2af37b59ba747	-
	mod_ldap-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.x86_64.rpm	0b4216bab42423dff407ddc87df01a43	-
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm	909f339e1848be0fc4ffe01e7edd7ccc	-
	mod_proxy_html-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.x86_64.rpm	0a4e32540f502fa6a182c62c6f49ae03	-
	mod_session-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.x86_64.rpm	6b13b5d1982fe170cbe546ac6f5b4a89	-
	mod_ssl-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.x86_64.rpm	7b69f20ab56c0211532e60aff595843b	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691