ELSA-2023-0852

ULN >
Oracle Linux Errata repository >
ELSA-2023-0852

ELSA-2023-0852 - httpd:2.4 security and bug fix update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2023-02-22

Description

httpd
[2.4.37-51.0.1.1]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-51.1]
- Resolves: #2165967 - prevent sscg creating /dhparams.pem
- Resolves: #2165976 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
of zero byte
- Resolves: #2165977 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2165978 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
smuggling

Related CVEs

CVE-2006-20001

CVE-2022-37436

CVE-2022-36760

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	httpd-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.src.rpm	3272ead45c3afde580f205a7f0812360c3282fb441de3cf924ecc1e7fa140067	-	ol8_aarch64_appstream
	mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.src.rpm	7097d12585cbfc92e4bfeb7429d65c23c66641dc478a293cea54e60eb89ad646	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	77cb415f475a17a3208416ca7974c44f69ff0f2e2b6f5efcadb167d625b8f69b	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	77cb415f475a17a3208416ca7974c44f69ff0f2e2b6f5efcadb167d625b8f69b	-	ol8_aarch64_appstream_developer
	httpd-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm	b19470316d6d073ca4e7e742d73198fb44799a0379fc409eded1c486a5a8540a	-	ol8_aarch64_appstream
	httpd-devel-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm	bf76fcae0bff5a692c07d8aaed5693d50e0603cc72007287e9f8d8849460d28c	-	ol8_aarch64_appstream
	httpd-filesystem-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm	f285cdcb04220117f5ff8dea8b3287e4a79b82f59665da8e0354331c003129c7	-	ol8_aarch64_appstream
	httpd-manual-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm	e57c0daa7bd60a09ea9cdcaabc6b4944701371e2b1d54892db6d6ccd2faa1e26	-	ol8_aarch64_appstream
	httpd-tools-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm	58bffd4bd12e804dc5a699224732c10e40720409e40cd5abadeca1001dc4683d	-	ol8_aarch64_appstream
	mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.aarch64.rpm	835163b2ce324e919d8818a3d58e6f539c3c7de04e221bd99e6a4f11151609c2	-	ol8_aarch64_appstream
	mod_ldap-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm	5a6a2088fa7c858885e974bbf39d72075f8bccb26d3a6d22d164255e35ddb11b	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpm	97c8600bacc26dbeba30ce5cf83654348b37390c4c585336a03ea5d6c6417484	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpm	97c8600bacc26dbeba30ce5cf83654348b37390c4c585336a03ea5d6c6417484	-	ol8_aarch64_appstream_developer
	mod_proxy_html-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm	90e816bc529cd20b7b7bd5ae576fb48913574ef85bd5b33edbf84edfd0848aa8	-	ol8_aarch64_appstream
	mod_session-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm	48d737f6ff26d5dbe7997cff14e20c69612ec8419343f59be4a90df4cae45e3b	-	ol8_aarch64_appstream
	mod_ssl-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm	cf46ca7f4e7e83a0472fa0eeda9d32dd548bde247938f0b511fc2711c1497a2a	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	httpd-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.src.rpm	3272ead45c3afde580f205a7f0812360c3282fb441de3cf924ecc1e7fa140067	-	ol8_x86_64_appstream
	mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.src.rpm	7097d12585cbfc92e4bfeb7429d65c23c66641dc478a293cea54e60eb89ad646	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	77cb415f475a17a3208416ca7974c44f69ff0f2e2b6f5efcadb167d625b8f69b	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	77cb415f475a17a3208416ca7974c44f69ff0f2e2b6f5efcadb167d625b8f69b	-	ol8_x86_64_appstream_developer
	httpd-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm	6f7d9e2863240500e148192e4a1a1403a3016c486bc11021a4289f7e081c66c0	-	ol8_x86_64_appstream
	httpd-devel-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm	1a47c2c4cc3c4370b3a2832875d878444d1e1f196666fc52fa33d0d884651b39	-	ol8_x86_64_appstream
	httpd-filesystem-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm	f285cdcb04220117f5ff8dea8b3287e4a79b82f59665da8e0354331c003129c7	-	ol8_x86_64_appstream
	httpd-manual-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm	e57c0daa7bd60a09ea9cdcaabc6b4944701371e2b1d54892db6d6ccd2faa1e26	-	ol8_x86_64_appstream
	httpd-tools-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm	9190ad9f3609d4c03ada05b386b2cf1fb752d05f7048c5eb9cf0ec8e434c2e8e	-	ol8_x86_64_appstream
	mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.x86_64.rpm	ca8c0763ffddc969870ff6066a024ddcc5f6e6e47356010f506b699507e3618c	-	ol8_x86_64_appstream
	mod_ldap-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm	cfe37375d6d5e0ecf88a139994cdfc038e9cb024e7f8900e68cb551ec74cccbc	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm	b82d8f3ba74d9b384ac1f3557beac8bdc03cdcce1f34b6d3f87251acd182b9fb	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm	b82d8f3ba74d9b384ac1f3557beac8bdc03cdcce1f34b6d3f87251acd182b9fb	-	ol8_x86_64_appstream_developer
	mod_proxy_html-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm	d7354ba9ce06ace0ffa57dcd08dfdb0de56c0826cb2ad39186662c0cf0ca6196	-	ol8_x86_64_appstream
	mod_session-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm	74311bbfd01b57d9508f5cec2a886f31da092568bf828200296facc8659c5c67	-	ol8_x86_64_appstream
	mod_ssl-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm	2293a428d9c70026bd75f02846236e6db0b9b340e957c902529b243716076786	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691