ELSA-2022-8067 - httpd security, bug fix, and enhancement update

Type: SECURITY
Severity: MODERATE
Release Date: 2022-11-22

Description


[2.4.53-7.0.1]
- Replace index.html with Oracle's index page oracle_index.html.

[2.4.53-7]
- Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling
- Resolves: #2097032 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match()
- Resolves: #2098248 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
- Resolves: #2097016 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite()
- Resolves: #2097452 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody
- Resolves: #2097459 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability
- Resolves: #2097481 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets

[2.4.53-6]
- Related: #2065677 - httpd minimisation for ubi-micro

[2.4.53-5]
- Resolves: #2098056 - mod_ldap: High CPU usage at apr_ldap_rebind_remove()

[2.4.53-4]
- Resolves: #2095838 - mod_mime_magic: invalid type 0 in mconvert()

[2.4.53-3]
- Resolves: #2065677 - httpd minimisation for ubi-micro
- minimize httpd dependencies (new httpd-core package)
- mod_systemd and mod_brotli are now packaged in the main httpd package

[2.4.53-1]
- new version 2.4.53
- Resolves: #2079939 - httpd rebase to 2.4.53
- Resolves: #2075406 - httpd.conf uses icon bomb.gif for all files/dirs ending with core

[2.4.51-8]
- Resolves: #2073459 - Cannot override LD_LIBRARY_PATH in Apache HTTPD using SetEnv or PassEnv


Related CVEs


CVE-2022-26377
CVE-2022-28614
CVE-2022-30522
CVE-2022-23943
CVE-2022-30556
CVE-2022-22719
CVE-2022-28615
CVE-2022-29404
CVE-2022-31813
CVE-2022-22721

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|---|---|---|---|
| Oracle Linux 9 (aarch64) | httpd-2.4.53-7.0.1.el9.src.rpm | bbe7ab28373344ce32dbdd34718f375e | - |
| | httpd-2.4.53-7.0.1.el9.aarch64.rpm | aafff075b4530ede7f6dd8263be03ee2 | - |
| | httpd-core-2.4.53-7.0.1.el9.aarch64.rpm | 29e74c0809dcc3d9402c9418f0c7b6b3 | - |
| | httpd-devel-2.4.53-7.0.1.el9.aarch64.rpm | a7c88025e0e7fe8b30c3f00bf80b0ddc | - |
| | httpd-filesystem-2.4.53-7.0.1.el9.noarch.rpm | da484631a6928cf2b9f47083957ba3a2 | - |
| | httpd-manual-2.4.53-7.0.1.el9.noarch.rpm | 5f0cb80e8db58958b897d5ca62fbeb0d | - |
| | httpd-tools-2.4.53-7.0.1.el9.aarch64.rpm | 61fad0e2910956c97cd658445e553947 | - |
| | mod_ldap-2.4.53-7.0.1.el9.aarch64.rpm | 7b73709668e3717f52aa294198ea6a02 | - |
| | mod_lua-2.4.53-7.0.1.el9.aarch64.rpm | dd4f299f154bc3fb875a89afa37bfa08 | - |
| | mod_proxy_html-2.4.53-7.0.1.el9.aarch64.rpm | 6aa8e064a5bea9360a5a4afd1f1237a7 | - |
| | mod_session-2.4.53-7.0.1.el9.aarch64.rpm | 7a2ffea521319c428738d8bdb3acd3a5 | - |
| | mod_ssl-2.4.53-7.0.1.el9.aarch64.rpm | 5aa167b4bea281c9dc8f7d5f07788446 | - |
| Oracle Linux 9 (x86_64) | httpd-2.4.53-7.0.1.el9.src.rpm | bbe7ab28373344ce32dbdd34718f375e | - |
| | httpd-2.4.53-7.0.1.el9.x86_64.rpm | b2ba36069c046e5074b12b1be4ec23a9 | - |
| | httpd-core-2.4.53-7.0.1.el9.x86_64.rpm | 437471d40840bcd0c45d69920916f841 | - |
| | httpd-devel-2.4.53-7.0.1.el9.x86_64.rpm | c3e1032c35e224275011fae05f282c3a | - |
| | httpd-filesystem-2.4.53-7.0.1.el9.noarch.rpm | da484631a6928cf2b9f47083957ba3a2 | - |
| | httpd-manual-2.4.53-7.0.1.el9.noarch.rpm | 5f0cb80e8db58958b897d5ca62fbeb0d | - |
| | httpd-tools-2.4.53-7.0.1.el9.x86_64.rpm | 559c7e97ada22e19839f5e16b74a967c | - |
| | mod_ldap-2.4.53-7.0.1.el9.x86_64.rpm | 8ec020b17a8d34e81e273d3e80a5404d | - |
| | mod_lua-2.4.53-7.0.1.el9.x86_64.rpm | 4070b29ab84d7536cbfbfccc4a6a9551 | - |
| | mod_proxy_html-2.4.53-7.0.1.el9.x86_64.rpm | 26c00e0b5c6d0c28d792fd8ba1c0cdbf | - |
| | mod_session-2.4.53-7.0.1.el9.x86_64.rpm | ac42bc46814705b022fd7b32207b9e63 | - |
| | mod_ssl-2.4.53-7.0.1.el9.x86_64.rpm | ff16a97f870f3245f00dd09da7303de0 | - |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.