ELSA-2022-7647

ELSA-2022-7647 - httpd:2.4 security update

Type: SECURITY
Severity: MODERATE
Release Date: 2022-11-15

Description


httpd
[2.4.37-51.0.1]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-51]
- Resolves: #2097015 - CVE-2022-28614 httpd:2.4/httpd: out-of-bounds read via ap_rwrite()
- Resolves: #2097031 - CVE-2022-28615 httpd:2.4/httpd: out-of-bounds read in ap_strcmp_match()
- Resolves: #2097458 - CVE-2022-30522 httpd:2.4/httpd: mod_sed: DoS vulnerability
- Resolves: #2097480 - CVE-2022-30556 httpd:2.4/httpd: mod_lua: Information disclosure with websockets
- Resolves: #2098247 - CVE-2022-31813 httpd:2.4/httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
- Resolves: #2097451 - CVE-2022-29404 httpd:2.4/httpd: mod_lua: DoS in r:parsebody
- Resolves: #2096997 - CVE-2022-26377 httpd:2.4/httpd: mod_proxy_ajp: Possible request smuggling

[2.4.37-50]
- Resolves: #2065237 - CVE-2022-22719 httpd:2.4/httpd: mod_lua: Use of uninitialized value of in r:parsebody
- Resolves: #2065267 - CVE-2022-22721 httpd:2.4/httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
- Resolves: #2065324 - CVE-2022-23943 httpd:2.4/httpd: mod_sed: Read/write beyond bounds

[2.4.37-49]
- Resolves: #2090848 - CVE-2020-13950 httpd:2.4/httpd: mod_proxy NULL pointer dereference

[2.4.37-48]
- Resolves: #2065249 - CVE-2022-22720 httpd:2.4/httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier

mod_http2
[1.15.7-5]
- Resolves: #2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference or SSRF in forward proxy configurations

[1.15.7-4]
- Resolves: #1966728 - CVE-2021-33193 httpd:2.4/mod_http2: httpd: Request splitting via HTTP/2 method injection and mod_proxy


Related CVEs


CVE-2022-31813
CVE-2022-22719
CVE-2022-22721
CVE-2022-23943
CVE-2022-26377
CVE-2022-28615
CVE-2022-29404
CVE-2022-30556
CVE-2022-30522
CVE-2022-28614

Updated Packages


Columns: Filename  MD5sum  Superseded By Advisory (rows grouped by Release/Architecture)

Oracle Linux 8 (aarch64)
httpd-2.4.37-51.0.1.module+el8.7.0+20778+02173b8e.src.rpm  729c4367f6b8134c3cb3f59693115bb9  -
mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.src.rpm  93d30528c44414db63745c546d1fa47b  -
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm  d4bbe6c1fcdd8f809bd286308de3a0bc  -
httpd-2.4.37-51.0.1.module+el8.7.0+20778+02173b8e.aarch64.rpm  7cfe6a55489b422b2f53423d7489f4d8  -
httpd-devel-2.4.37-51.0.1.module+el8.7.0+20778+02173b8e.aarch64.rpm  a34b3857843f9e6677f898b56a1f6143  -
httpd-filesystem-2.4.37-51.0.1.module+el8.7.0+20778+02173b8e.noarch.rpm  f7c0944b63fb1ab15e7cda30b3a75888  -
httpd-manual-2.4.37-51.0.1.module+el8.7.0+20778+02173b8e.noarch.rpm  56a9a02afa7bb21c05637d42cfbb9f32  -
httpd-tools-2.4.37-51.0.1.module+el8.7.0+20778+02173b8e.aarch64.rpm  51393bdd9d350a03229b05aed26e8471  -
mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.aarch64.rpm  24cfd54660c58cc570572c00e8bb871b  -
mod_ldap-2.4.37-51.0.1.module+el8.7.0+20778+02173b8e.aarch64.rpm  22d478a319218e5bf3fcac3e4f4b79b6  -
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpm  b349fe48e242e2c2ae5af10a13664a88  -
mod_proxy_html-2.4.37-51.0.1.module+el8.7.0+20778+02173b8e.aarch64.rpm  ec8bc2fb0b388d2cc8da12d02d85970f  -
mod_session-2.4.37-51.0.1.module+el8.7.0+20778+02173b8e.aarch64.rpm  d4223e09f31440270b7b5b8c34bdb568  -
mod_ssl-2.4.37-51.0.1.module+el8.7.0+20778+02173b8e.aarch64.rpm  9cbb885064d5f27868502a8e7786abc7  -

Oracle Linux 8 (x86_64)
httpd-2.4.37-51.0.1.module+el8.7.0+20778+02173b8e.src.rpm  729c4367f6b8134c3cb3f59693115bb9  -
mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.src.rpm  93d30528c44414db63745c546d1fa47b  -
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm  d4bbe6c1fcdd8f809bd286308de3a0bc  -
httpd-2.4.37-51.0.1.module+el8.7.0+20778+02173b8e.x86_64.rpm  1a2ee9fbd71153c017ae206b55f07643  -
httpd-devel-2.4.37-51.0.1.module+el8.7.0+20778+02173b8e.x86_64.rpm  668d8f97ce8d7efadbfc15cd68cbd218  -
httpd-filesystem-2.4.37-51.0.1.module+el8.7.0+20778+02173b8e.noarch.rpm  f7c0944b63fb1ab15e7cda30b3a75888  -
httpd-manual-2.4.37-51.0.1.module+el8.7.0+20778+02173b8e.noarch.rpm  56a9a02afa7bb21c05637d42cfbb9f32  -
httpd-tools-2.4.37-51.0.1.module+el8.7.0+20778+02173b8e.x86_64.rpm  bc2a4eadc982b071a0485e2de1779c13  -
mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.x86_64.rpm  65bcfc22399339c0e3cf32ab56b36b17  -
mod_ldap-2.4.37-51.0.1.module+el8.7.0+20778+02173b8e.x86_64.rpm  cce9886b7b7e20dbb35cd2b8140aed6f  -
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm  909f339e1848be0fc4ffe01e7edd7ccc  -
mod_proxy_html-2.4.37-51.0.1.module+el8.7.0+20778+02173b8e.x86_64.rpm  1e88da72c5aca4d9557375baeb2481f5  -
mod_session-2.4.37-51.0.1.module+el8.7.0+20778+02173b8e.x86_64.rpm  ba4c57f14bbeb061e2b64ed829a5e408  -
mod_ssl-2.4.37-51.0.1.module+el8.7.0+20778+02173b8e.x86_64.rpm  cc023f553c2eb93898c3e66cb77c48db  -



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.
