ELSA-2023-0852

ULN >
Oracle Linux Errata repository >
ELSA-2023-0852

ELSA-2023-0852 - httpd:2.4 security and bug fix update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2023-02-22

Description

httpd
[2.4.37-51.0.1.1]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-51.1]
- Resolves: #2165967 - prevent sscg creating /dhparams.pem
- Resolves: #2165976 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
of zero byte
- Resolves: #2165977 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2165978 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
smuggling

Related CVEs

CVE-2006-20001

CVE-2022-37436

CVE-2022-36760

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 8 (aarch64)	httpd-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.src.rpm	cc892590075323bffe558f90f938c892	-
	mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.src.rpm	93d30528c44414db63745c546d1fa47b	-
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	d4bbe6c1fcdd8f809bd286308de3a0bc	-
	httpd-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm	2876e745fc9923dc7a0dbb32bb00d6aa	-
	httpd-devel-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm	4342b42e059598def1b9433da1ab8e52	-
	httpd-filesystem-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm	7ba9538fc42516786f2f361973e70402	-
	httpd-manual-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm	61221baee5054eaa53168e488f5e3cbd	-
	httpd-tools-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm	020c1146fe044c762c3cabf5141df063	-
	mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.aarch64.rpm	24cfd54660c58cc570572c00e8bb871b	-
	mod_ldap-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm	43bbdb78f51844073d932f249e7653b4	-
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpm	b349fe48e242e2c2ae5af10a13664a88	-
	mod_proxy_html-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm	4ae06724556ca502d49dade6e97c0807	-
	mod_session-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm	5534066bcd9ab28f0fb282f1f3abdfb7	-
	mod_ssl-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm	ef7a0cecf285f4ed1fe05bff43bf11ee	-

Oracle Linux 8 (x86_64)	httpd-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.src.rpm	cc892590075323bffe558f90f938c892	-
	mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.src.rpm	93d30528c44414db63745c546d1fa47b	-
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	d4bbe6c1fcdd8f809bd286308de3a0bc	-
	httpd-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm	45631c24a9c2015958bb7a61b807124b	-
	httpd-devel-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm	d590297f238b226c9e7be45bc76e9a24	-
	httpd-filesystem-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm	7ba9538fc42516786f2f361973e70402	-
	httpd-manual-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm	61221baee5054eaa53168e488f5e3cbd	-
	httpd-tools-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm	cd8646dbf4a53c05cce49ff639a5bf18	-
	mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.x86_64.rpm	65bcfc22399339c0e3cf32ab56b36b17	-
	mod_ldap-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm	f28495b6e00418aab57c850d8fda1441	-
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm	909f339e1848be0fc4ffe01e7edd7ccc	-
	mod_proxy_html-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm	ea909600f34dced18edaa0bf26ed7806	-
	mod_session-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm	6a38d133f088d18ba8f432ef98dd7235	-
	mod_ssl-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm	424ccb9a54b6ce126472a2e2494541e6	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691