ELSA-2023-1673

ELSA-2023-1673 - httpd:2.4 security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2023-04-07

Description

httpd
[2.4.37-51.5.0.1]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-51.5]
- Resolves: #2177747 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting
with mod_rewrite and mod_proxy

[2.4.37-51.1]
- Resolves: #2165967 - prevent sscg creating /dhparams.pem
- Resolves: #2165976 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
of zero byte
- Resolves: #2165977 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2165978 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
smuggling

mod_http2
[1.15.7-5.4]
- Resolves: #2177747 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting
with mod_rewrite and mod_proxy

Related CVEs

CVE-2023-25690

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 8 (aarch64)	httpd-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.src.rpm	de6654eaf08c33d732fa87dc6bc07b49da75e89338cdc7b38a913b7380e5442b	-	ol8_aarch64_appstream
	mod_http2-1.15.7-5.module+el8.7.0+21029+de29ba63.4.src.rpm	755b1acbff93b8a1a5241edbdc8cd849544dfeaacfeb834838ed98ca1ed0bc94	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	77cb415f475a17a3208416ca7974c44f69ff0f2e2b6f5efcadb167d625b8f69b	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	77cb415f475a17a3208416ca7974c44f69ff0f2e2b6f5efcadb167d625b8f69b	-	ol8_aarch64_appstream_developer
	httpd-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.aarch64.rpm	d3f6f9fb885de774f5b109cd9a3febfaddd0d7e82afb6e4541db1266156aec63	-	ol8_aarch64_appstream
	httpd-devel-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.aarch64.rpm	edb05479fccbf60b935ac8b788ef5e1e8ca5c404cf869638d8bdd432a2218b42	-	ol8_aarch64_appstream
	httpd-filesystem-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.noarch.rpm	09f04e6e261171199bd155bf23f2f7519db812f105b49c49052aa219686b9c3d	-	ol8_aarch64_appstream
	httpd-manual-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.noarch.rpm	d8def75e361de48efe08dbe7dce9730b6be6d10161fe22e2e19f3781823dd3a7	-	ol8_aarch64_appstream
	httpd-tools-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.aarch64.rpm	0228746a2bb8c4c77c015ff7417a1a00bff511297a37f01f23ba489da13fd94f	-	ol8_aarch64_appstream
	mod_http2-1.15.7-5.module+el8.7.0+21029+de29ba63.4.aarch64.rpm	a78e5c41e9d733f8b8e832550d8a94749d543dc6a8335b70a3d600610804c2a9	-	ol8_aarch64_appstream
	mod_ldap-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.aarch64.rpm	db53e7c3848ed39335fa47dc31cc1f1db3833ab9ee68d752f00eabcda95cf50e	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpm	97c8600bacc26dbeba30ce5cf83654348b37390c4c585336a03ea5d6c6417484	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpm	97c8600bacc26dbeba30ce5cf83654348b37390c4c585336a03ea5d6c6417484	-	ol8_aarch64_appstream_developer
	mod_proxy_html-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.aarch64.rpm	e51c23384f0e84fde11dff1f8548d375bcbba4bfe285c5c3f79e54dd4af5f735	-	ol8_aarch64_appstream
	mod_session-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.aarch64.rpm	a85c2a377cb877dd426ba939b67e3a827c796f71200b42ad81350ec66bb88c8d	-	ol8_aarch64_appstream
	mod_ssl-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.aarch64.rpm	8b9b3e5ec0a41f2f3d238438534a21f124ed1eb32f031c08e60444db3bc0efc1	-	ol8_aarch64_appstream
Oracle Linux 8 (x86_64)	httpd-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.src.rpm	de6654eaf08c33d732fa87dc6bc07b49da75e89338cdc7b38a913b7380e5442b	-	ol8_x86_64_appstream
	mod_http2-1.15.7-5.module+el8.7.0+21029+de29ba63.4.src.rpm	755b1acbff93b8a1a5241edbdc8cd849544dfeaacfeb834838ed98ca1ed0bc94	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	77cb415f475a17a3208416ca7974c44f69ff0f2e2b6f5efcadb167d625b8f69b	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	77cb415f475a17a3208416ca7974c44f69ff0f2e2b6f5efcadb167d625b8f69b	-	ol8_x86_64_appstream_developer
	httpd-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.x86_64.rpm	24f2d683810d719b0626df9d37f2f7d1bff0e0a44340a5c4a54cf9e4d67ac7cb	-	ol8_x86_64_appstream
	httpd-devel-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.x86_64.rpm	b877d1235f85a7df67f86dd87601c615c42ffb137eebc85c7ab78e7c3a0a0c27	-	ol8_x86_64_appstream
	httpd-filesystem-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.noarch.rpm	09f04e6e261171199bd155bf23f2f7519db812f105b49c49052aa219686b9c3d	-	ol8_x86_64_appstream
	httpd-manual-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.noarch.rpm	d8def75e361de48efe08dbe7dce9730b6be6d10161fe22e2e19f3781823dd3a7	-	ol8_x86_64_appstream
	httpd-tools-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.x86_64.rpm	8360850264fde18664ebeb1785fd696e483fd4272528a04c6055c07df07559e2	-	ol8_x86_64_appstream
	mod_http2-1.15.7-5.module+el8.7.0+21029+de29ba63.4.x86_64.rpm	29ce2d7fd960ce26dcf4bb3013e4363bff54d4d09b1ec6c018e8db7efe59af20	-	ol8_x86_64_appstream
	mod_ldap-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.x86_64.rpm	b31584937fb12f722ac25f6bbe3724a6f3bb34f482c5aaef40bfc581a1f9e4ed	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm	b82d8f3ba74d9b384ac1f3557beac8bdc03cdcce1f34b6d3f87251acd182b9fb	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm	b82d8f3ba74d9b384ac1f3557beac8bdc03cdcce1f34b6d3f87251acd182b9fb	-	ol8_x86_64_appstream_developer
	mod_proxy_html-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.x86_64.rpm	36220064d92a2e5182422334834f59cee7981fca77dc8d3b7adbad85c5fb3e1a	-	ol8_x86_64_appstream
	mod_session-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.x86_64.rpm	d86d5655efac37c199e0dc47659621f1d49faab56c11e5af3afc2f286e22587d	-	ol8_x86_64_appstream
	mod_ssl-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.x86_64.rpm	d7ac7a9967efb5a94675feb36b0ccd2dc62fc51bb9daeddcf828d9e6b2ee59a3	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team