ELSA-2022-8067

ELSA-2022-8067 - httpd security, bug fix, and enhancement update

Type: SECURITY
Impact: MODERATE
Release Date: 2022-11-22

Description


[2.4.53-7.0.1]
- Replace index.html with Oracle's index page oracle_index.html.

[2.4.53-7]
- Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling
- Resolves: #2097032 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match()
- Resolves: #2098248 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
- Resolves: #2097016 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite()
- Resolves: #2097452 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody
- Resolves: #2097459 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability
- Resolves: #2097481 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets

[2.4.53-6]
- Related: #2065677 - httpd minimisation for ubi-micro

[2.4.53-5]
- Resolves: #2098056 - mod_ldap: High CPU usage at apr_ldap_rebind_remove()

[2.4.53-4]
- Resolves: #2095838 - mod_mime_magic: invalid type 0 in mconvert()

[2.4.53-3]
- Resolves: #2065677 - httpd minimisation for ubi-micro
- minimize httpd dependencies (new httpd-core package)
- mod_systemd and mod_brotli are now packaged in the main httpd package

[2.4.53-1]
- new version 2.4.53
- Resolves: #2079939 - httpd rebase to 2.4.53
- Resolves: #2075406 - httpd.conf uses icon bomb.gif for all files/dirs ending with core

[2.4.51-8]
- Resolves: #2073459 - Cannot override LD_LIBRARY_PATH in Apache HTTPD using SetEnv or PassEnv


Related CVEs


CVE-2022-26377
CVE-2022-28614
CVE-2022-30522
CVE-2022-23943
CVE-2022-30556
CVE-2022-22719
CVE-2022-28615
CVE-2022-29404
CVE-2022-31813
CVE-2022-22721

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 9 (aarch64) | httpd-2.4.53-7.0.1.el9.src.rpm | 14e230c38d857c71d01105911049441fd3c3c30f7c596bc3cc46c8a7ac1f955e | - | ol9_aarch64_appstream |
| | httpd-2.4.53-7.0.1.el9.aarch64.rpm | bf87b078823a425ae00c69081044727551e4b3379b1ec264db5fbeaa09b517c0 | - | ol9_aarch64_appstream |
| | httpd-core-2.4.53-7.0.1.el9.aarch64.rpm | ee51faf6370ebc1e8463b81c5c366df6e4326705778d365c77c8b46bbf4b627f | - | ol9_aarch64_appstream |
| | httpd-devel-2.4.53-7.0.1.el9.aarch64.rpm | aee8f4b39ca6ffe8ee11dbef1da5173229a783908312cc8423a3f88c7e1b0262 | - | ol9_aarch64_appstream |
| | httpd-filesystem-2.4.53-7.0.1.el9.noarch.rpm | 9ada4c1deb69e059b0a9c43782c147abc0570a8c30f850cb322544f62e2e3bc2 | - | ol9_aarch64_appstream |
| | httpd-manual-2.4.53-7.0.1.el9.noarch.rpm | 75f6dcfe505ebe0a3a32dc11e6444b6cda293e32923044f66a72704c48432534 | - | ol9_aarch64_appstream |
| | httpd-tools-2.4.53-7.0.1.el9.aarch64.rpm | d2ea0a5d0967ef27dbed8492ce1cf1a427e9e1d9c129529845aee3591f84da46 | - | ol9_aarch64_appstream |
| | mod_ldap-2.4.53-7.0.1.el9.aarch64.rpm | 29ba566f306bd50fbd495d3fad3905db09c73603b03f3e9dc40847bc34c86d5a | - | ol9_aarch64_appstream |
| | mod_lua-2.4.53-7.0.1.el9.aarch64.rpm | 6f6d40a08d031eb2413bb8c7dc4d4c5d152f192d430e0910208132fef712ced6 | - | ol9_aarch64_appstream |
| | mod_proxy_html-2.4.53-7.0.1.el9.aarch64.rpm | 7eb9561927badb6065c4bf3ed274ed3e77c149c017e6ea176e8c11ce01c589c2 | - | ol9_aarch64_appstream |
| | mod_session-2.4.53-7.0.1.el9.aarch64.rpm | e388a0a689706ca9b03632aa124dc193bca7669c622913fbe0c704ff3cfb616c | - | ol9_aarch64_appstream |
| | mod_ssl-2.4.53-7.0.1.el9.aarch64.rpm | 7b0885cde6e7ea172dd7c3a5624b835371ccc05b81a5564d3e72fca8652d981b | - | ol9_aarch64_appstream |
| Oracle Linux 9 (x86_64) | httpd-2.4.53-7.0.1.el9.src.rpm | 14e230c38d857c71d01105911049441fd3c3c30f7c596bc3cc46c8a7ac1f955e | - | ol9_x86_64_appstream |
| | httpd-2.4.53-7.0.1.el9.x86_64.rpm | 6afa78d731ccc2e7f248dca6d943374ecce5b9889606a587299e546a099acf8b | - | ol9_x86_64_appstream |
| | httpd-core-2.4.53-7.0.1.el9.x86_64.rpm | 931da38e7fc5a2af2bf7e8fe5b8359d7b49067a93480ae2a37d8dea6d72a9247 | - | ol9_x86_64_appstream |
| | httpd-devel-2.4.53-7.0.1.el9.x86_64.rpm | d1311683ce482d6a38aa80350112c3fdc61ae6c4699e5215e236d37458238ddb | - | ol9_x86_64_appstream |
| | httpd-filesystem-2.4.53-7.0.1.el9.noarch.rpm | 9ada4c1deb69e059b0a9c43782c147abc0570a8c30f850cb322544f62e2e3bc2 | - | ol9_x86_64_appstream |
| | httpd-manual-2.4.53-7.0.1.el9.noarch.rpm | 75f6dcfe505ebe0a3a32dc11e6444b6cda293e32923044f66a72704c48432534 | - | ol9_x86_64_appstream |
| | httpd-tools-2.4.53-7.0.1.el9.x86_64.rpm | e50a4a2e3ee2cf49fa38328622c6d7d2556252411d51ceb43c0e12e24051d77b | - | ol9_x86_64_appstream |
| | mod_ldap-2.4.53-7.0.1.el9.x86_64.rpm | 21f14d72e56aa01ef988aa959e6610068a85cbda81d465e3bbe2466eef703e64 | - | ol9_x86_64_appstream |
| | mod_lua-2.4.53-7.0.1.el9.x86_64.rpm | adab31f55a725afa17d97f51999632976605a4c8c6200c7e7789f8e57f33caa0 | - | ol9_x86_64_appstream |
| | mod_proxy_html-2.4.53-7.0.1.el9.x86_64.rpm | bc2992a32067b310af967104ad0323d51cbe95729b6cb0448ccc340ba79e5b26 | - | ol9_x86_64_appstream |
| | mod_session-2.4.53-7.0.1.el9.x86_64.rpm | 44e10e9a8929d6a2a3ddfa8216afef8ef32c8a2cb9603f8dcc34852885b3126f | - | ol9_x86_64_appstream |
| | mod_ssl-2.4.53-7.0.1.el9.x86_64.rpm | 4963398bfe20a5baaf78ca63fbe4c61772075ca0da13e439f88b19bbec8760fb | - | ol9_x86_64_appstream |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team