Stay Connected:

ELSA-2023-1673

ELSA-2023-1673 - httpd:2.4 security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2023-04-07

Description


httpd
[2.4.37-51.5.0.1]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-51.5]
- Resolves: #2177747 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting
with mod_rewrite and mod_proxy

[2.4.37-51.1]
- Resolves: #2165967 - prevent sscg creating /dhparams.pem
- Resolves: #2165976 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
of zero byte
- Resolves: #2165977 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2165978 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
smuggling

mod_http2
[1.15.7-5.4]
- Resolves: #2177747 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting
with mod_rewrite and mod_proxy


Related CVEs


CVE-2023-25690

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (aarch64) httpd-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.src.rpm2063d8acafcfff0e94c8e57ca7c4eb89-
mod_http2-1.15.7-5.module+el8.7.0+21029+de29ba63.4.src.rpme74f367bbb55665eff7ff155f5ba8978-
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpmd4bbe6c1fcdd8f809bd286308de3a0bc-
httpd-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.aarch64.rpm55cd72e3b47054251b6a8dd536896429-
httpd-devel-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.aarch64.rpm9b72375d04586f91356f59f7906bd7cd-
httpd-filesystem-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.noarch.rpm958576b408e92b6a3bf992172282b8b2-
httpd-manual-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.noarch.rpm6c714a86bb7cb12152e0488c805f9638-
httpd-tools-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.aarch64.rpm75933e6a8d40293bddbf5d1aad6a1cf7-
mod_http2-1.15.7-5.module+el8.7.0+21029+de29ba63.4.aarch64.rpm1d47f15dd68962f8950226516e41032a-
mod_ldap-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.aarch64.rpmf5e6dcd51cac6762d1a917c17c5522a5-
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpmb349fe48e242e2c2ae5af10a13664a88-
mod_proxy_html-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.aarch64.rpme3ab9ee2d9c53378cbca7b162e7d4933-
mod_session-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.aarch64.rpm1f6cb902d6a18f3657f4821a139932c3-
mod_ssl-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.aarch64.rpmc8aa652f59fc1129740519ba640c5704-
Oracle Linux 8 (x86_64) httpd-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.src.rpm2063d8acafcfff0e94c8e57ca7c4eb89-
mod_http2-1.15.7-5.module+el8.7.0+21029+de29ba63.4.src.rpme74f367bbb55665eff7ff155f5ba8978-
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpmd4bbe6c1fcdd8f809bd286308de3a0bc-
httpd-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.x86_64.rpm1741154981143a58110c694c1c31e331-
httpd-devel-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.x86_64.rpm5b81bc8978d9f5680babb6cd4220e929-
httpd-filesystem-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.noarch.rpm958576b408e92b6a3bf992172282b8b2-
httpd-manual-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.noarch.rpm6c714a86bb7cb12152e0488c805f9638-
httpd-tools-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.x86_64.rpm0e9b70ee05ce55dafea1a14a81a87d79-
mod_http2-1.15.7-5.module+el8.7.0+21029+de29ba63.4.x86_64.rpm02ec2f0ce616a90de30eb8bb814ec32d-
mod_ldap-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.x86_64.rpm369ff3425c4416ab7fb4943b6c427c92-
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm909f339e1848be0fc4ffe01e7edd7ccc-
mod_proxy_html-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.x86_64.rpm5d7394f382e7b75224717ac8d255f1f2-
mod_session-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.x86_64.rpm16096fe9db3cb2a4a60acba4c2e2f25c-
mod_ssl-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.x86_64.rpm713e9b38c27db1b7060d4dff814c6559-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights