ELSA-2022-7647 - httpd:2.4 security update

Type: SECURITY
Impact: MODERATE
Release Date: 2022-11-15

Description


httpd
[2.4.37-51.0.1]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-51]
- Resolves: #2097015 - CVE-2022-28614 httpd:2.4/httpd: out-of-bounds read via
ap_rwrite()
- Resolves: #2097031 - CVE-2022-28615 httpd:2.4/httpd: out-of-bounds read in
ap_strcmp_match()
- Resolves: #2097458 - CVE-2022-30522 httpd:2.4/httpd: mod_sed: DoS
vulnerability
- Resolves: #2097480 - CVE-2022-30556 httpd:2.4/httpd: mod_lua: Information
disclosure with websockets
- Resolves: #2098247 - CVE-2022-31813 httpd:2.4/httpd: mod_proxy:
X-Forwarded-For dropped by hop-by-hop mechanism
- Resolves: #2097451 - CVE-2022-29404 httpd:2.4/httpd: mod_lua: DoS in
r:parsebody
- Resolves: #2096997 - CVE-2022-26377 httpd:2.4/httpd: mod_proxy_ajp: Possible
request smuggling

[2.4.37-50]
- Resolves: #2065237 - CVE-2022-22719 httpd:2.4/httpd: mod_lua: Use of
uninitialized value of in r:parsebody
- Resolves: #2065267 - CVE-2022-22721 httpd:2.4/httpd: core: Possible buffer
overflow with very large or unlimited LimitXMLRequestBody
- Resolves: #2065324 - CVE-2022-23943 httpd:2.4/httpd: mod_sed: Read/write
beyond bounds

[2.4.37-49]
- Resolves: #2090848 - CVE-2020-13950 httpd:2.4/httpd: mod_proxy NULL pointer
dereference

[2.4.37-48]
- Resolves: #2065249 - CVE-2022-22720 httpd:2.4/httpd: HTTP request smuggling
vulnerability in Apache HTTP Server 2.4.52 and earlier

mod_http2
[1.15.7-5]
- Resolves: #2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference
or SSRF in forward proxy configurations

[1.15.7-4]
- Resolves: #1966728 - CVE-2021-33193 httpd:2.4/mod_http2: httpd:
Request splitting via HTTP/2 method injection and mod_proxy


Related CVEs


CVE-2022-22721
CVE-2022-28615
CVE-2022-30522
CVE-2022-30556
CVE-2022-23943
CVE-2022-28614
CVE-2022-22719
CVE-2022-29404
CVE-2022-31813
CVE-2022-26377

Updated Packages





This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
