ELSA-2023-5050

ULN >
Oracle Linux Errata repository >
ELSA-2023-5050

ELSA-2023-5050 - httpd:2.4 security update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2023-09-12

Description

httpd
[2.4.37-56.0.1.7]
- Resolves: #2176723 - CVE-2023-27522 httpd:2.4/httpd: mod_proxy_uwsgi HTTP
response splitting

[2.4.37-56.0.1.6]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-56.6]
- Resolves: #2190133 - mod_rewrite regression with CVE-2023-25690

[2.4.37-56.4]
- Resolves: #2177748 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting
with mod_rewrite and mod_proxy

[2.4.37-56]
- Resolves: #2162499 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
of zero byte
- Resolves: #2162485 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2162509 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
smuggling

[2.4.37-55]
- Resolves: #2155961 - prevent sscg creating /dhparams.pem

[2.4.37-54]
- Resolves: #2095650 - Dependency from mod_http2 on httpd broken

[2.4.37-53]
- Resolves: #2050888 - httpd with SSL fails to start unless hostname command
was installed

[2.4.37-52]
- Add the SNI support in mod_proxy_wstunnel module for Apache httpd
- Resolves: rhbz#2017543

mod_http2
[1.15.7-8.3]
- Resolves: #2177748 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting
with mod_rewrite and mod_proxy

[1.15.7-7]
- Resolves: #2095650 - Dependency from mod_http2 on httpd broken

[1.15.7-6]
- Backport SNI feature refactor
- Resolves: rhbz#2137257

mod_md

Related CVEs

CVE-2023-27522

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	httpd-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.src.rpm	10b75d4c4d7cc8a4edbb27b2690d0800	-	ol8_aarch64_appstream
	mod_http2-1.15.7-8.module+el8.8.0+21057+13668aee.3.src.rpm	50971e28e07ccf7bb9f39a9c1cde9b87	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	d4bbe6c1fcdd8f809bd286308de3a0bc	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	d4bbe6c1fcdd8f809bd286308de3a0bc	-	ol8_aarch64_appstream_developer
	httpd-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm	4b33feaf1ef0ae77320d2a6faf40deb0	-	ol8_aarch64_appstream
	httpd-devel-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm	bdd35ed16ddeee864efa665e6e0e8ef1	-	ol8_aarch64_appstream
	httpd-filesystem-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.noarch.rpm	f1a531f3ceafae55ae52c8733bc5dae0	-	ol8_aarch64_appstream
	httpd-manual-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.noarch.rpm	304edd8091a84e114849ada81f3aca99	-	ol8_aarch64_appstream
	httpd-tools-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm	068e09bc29666b7b4e50fafaa822af3b	-	ol8_aarch64_appstream
	mod_http2-1.15.7-8.module+el8.8.0+21057+13668aee.3.aarch64.rpm	b29ddb42a2117e5d7b290b50dc7d234e	-	ol8_aarch64_appstream
	mod_ldap-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm	d7ce9f871eb84d88d154b710eab61d8a	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpm	b349fe48e242e2c2ae5af10a13664a88	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpm	b349fe48e242e2c2ae5af10a13664a88	-	ol8_aarch64_appstream_developer
	mod_proxy_html-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm	4eb09a7bddbf505b8f4ebecd6f2c8c8c	-	ol8_aarch64_appstream
	mod_session-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm	310876e77f326eaf4b429845a7a57e67	-	ol8_aarch64_appstream
	mod_ssl-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm	9425d60350c123447be9c35f668a6150	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	httpd-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.src.rpm	10b75d4c4d7cc8a4edbb27b2690d0800	-	ol8_x86_64_appstream
	mod_http2-1.15.7-8.module+el8.8.0+21057+13668aee.3.src.rpm	50971e28e07ccf7bb9f39a9c1cde9b87	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	d4bbe6c1fcdd8f809bd286308de3a0bc	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	d4bbe6c1fcdd8f809bd286308de3a0bc	-	ol8_x86_64_appstream_developer
	httpd-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm	1e12a690d0c90b5877d03228270e1e96	-	ol8_x86_64_appstream
	httpd-devel-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm	20dd49d54e4e387e711b88ad3d387054	-	ol8_x86_64_appstream
	httpd-filesystem-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.noarch.rpm	f1a531f3ceafae55ae52c8733bc5dae0	-	ol8_x86_64_appstream
	httpd-manual-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.noarch.rpm	304edd8091a84e114849ada81f3aca99	-	ol8_x86_64_appstream
	httpd-tools-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm	43f28cfac3e6f4585177328da37cac32	-	ol8_x86_64_appstream
	mod_http2-1.15.7-8.module+el8.8.0+21057+13668aee.3.x86_64.rpm	aab375e089107f5bf283c297efd32b6d	-	ol8_x86_64_appstream
	mod_ldap-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm	017e65b0c5d257066a3dd9f1d28df4fd	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm	909f339e1848be0fc4ffe01e7edd7ccc	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm	909f339e1848be0fc4ffe01e7edd7ccc	-	ol8_x86_64_appstream_developer
	mod_proxy_html-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm	f42d8fe9b183f297f899280e4672e9f4	-	ol8_x86_64_appstream
	mod_session-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm	ffdf658361cadc323e927c0f955621e1	-	ol8_x86_64_appstream
	mod_ssl-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm	a7674a8d0bf55f77f858505c068f9b4d	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691