ELSA-2023-5050

ULN >
Oracle Linux Errata repository >
ELSA-2023-5050

ELSA-2023-5050 - httpd:2.4 security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2023-09-12

Description

httpd
[2.4.37-56.0.1.7]
- Resolves: #2176723 - CVE-2023-27522 httpd:2.4/httpd: mod_proxy_uwsgi HTTP
response splitting

[2.4.37-56.0.1.6]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-56.6]
- Resolves: #2190133 - mod_rewrite regression with CVE-2023-25690

[2.4.37-56.4]
- Resolves: #2177748 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting
with mod_rewrite and mod_proxy

[2.4.37-56]
- Resolves: #2162499 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
of zero byte
- Resolves: #2162485 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2162509 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
smuggling

[2.4.37-55]
- Resolves: #2155961 - prevent sscg creating /dhparams.pem

[2.4.37-54]
- Resolves: #2095650 - Dependency from mod_http2 on httpd broken

[2.4.37-53]
- Resolves: #2050888 - httpd with SSL fails to start unless hostname command
was installed

[2.4.37-52]
- Add the SNI support in mod_proxy_wstunnel module for Apache httpd
- Resolves: rhbz#2017543

mod_http2
[1.15.7-8.3]
- Resolves: #2177748 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting
with mod_rewrite and mod_proxy

[1.15.7-7]
- Resolves: #2095650 - Dependency from mod_http2 on httpd broken

[1.15.7-6]
- Backport SNI feature refactor
- Resolves: rhbz#2137257

mod_md

Related CVEs

CVE-2023-27522

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	httpd-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.src.rpm	2eb718e96714153ba7b1dac9129abf219c8969c93ad7c435c7ca122caa4056ed	-	ol8_aarch64_appstream
	mod_http2-1.15.7-8.module+el8.8.0+21057+13668aee.3.src.rpm	3d6f0bb06f0068e25a37e18246c17d242ae7ed8a1ed84722caf3f13cd19d6834	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	77cb415f475a17a3208416ca7974c44f69ff0f2e2b6f5efcadb167d625b8f69b	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	77cb415f475a17a3208416ca7974c44f69ff0f2e2b6f5efcadb167d625b8f69b	-	ol8_aarch64_appstream_developer
	httpd-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm	7f5692281bab8cd064fbb8075b51818a6c155aec38fe5bf2b75c2dd93f01cc9c	-	ol8_aarch64_appstream
	httpd-devel-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm	ee3e41d0a6af9eac15f179d2a4bcaaf5891f99ba9dc50a89344c027947eff501	-	ol8_aarch64_appstream
	httpd-filesystem-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.noarch.rpm	30d424cf4e14ef820325460fb79d34fbd01ddc9d3bdf6d17a6fa1a7747591a0c	-	ol8_aarch64_appstream
	httpd-manual-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.noarch.rpm	b85c1f1551416b72ebe60e0687240e452f4850d4fa4a1fa8aaa5d0b3f0df5af2	-	ol8_aarch64_appstream
	httpd-tools-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm	fe632d40ad2fd04da67fdc1e4ee33635393be893016801e5145dac0aa63db441	-	ol8_aarch64_appstream
	mod_http2-1.15.7-8.module+el8.8.0+21057+13668aee.3.aarch64.rpm	039a962c99c66ae0f38cb9db0167e282ebd6399b947bf295eba0a066a2d6e6e5	-	ol8_aarch64_appstream
	mod_ldap-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm	b8727b769daf11cbe26292d91ab9f3e188a40e8ab95a4efc29b4c8940f6f854c	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpm	97c8600bacc26dbeba30ce5cf83654348b37390c4c585336a03ea5d6c6417484	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpm	97c8600bacc26dbeba30ce5cf83654348b37390c4c585336a03ea5d6c6417484	-	ol8_aarch64_appstream_developer
	mod_proxy_html-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm	2621ee1607e56f59690a508fae8bcdeea20e34f9d886d0dd763565f97a9887b9	-	ol8_aarch64_appstream
	mod_session-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm	5c2071bebb6728c9a9828da19fc4945edf7e78d344bd0831ec3b642a2ec15668	-	ol8_aarch64_appstream
	mod_ssl-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm	00494ad582b8f62db4c52ddd9e73263e8c73374f437f8a3a873015d3955a00cc	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	httpd-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.src.rpm	2eb718e96714153ba7b1dac9129abf219c8969c93ad7c435c7ca122caa4056ed	-	ol8_x86_64_appstream
	mod_http2-1.15.7-8.module+el8.8.0+21057+13668aee.3.src.rpm	3d6f0bb06f0068e25a37e18246c17d242ae7ed8a1ed84722caf3f13cd19d6834	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	77cb415f475a17a3208416ca7974c44f69ff0f2e2b6f5efcadb167d625b8f69b	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm	77cb415f475a17a3208416ca7974c44f69ff0f2e2b6f5efcadb167d625b8f69b	-	ol8_x86_64_appstream_developer
	httpd-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm	31efac9b9eda47b3347cf1a8b6283b746e6a993c2b59dbca562023db7a900cf2	-	ol8_x86_64_appstream
	httpd-devel-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm	fa9c40fd35d37ffaf6f66bb915285b7eebed3cee1cdf9110a8fcc898b3b2621a	-	ol8_x86_64_appstream
	httpd-filesystem-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.noarch.rpm	30d424cf4e14ef820325460fb79d34fbd01ddc9d3bdf6d17a6fa1a7747591a0c	-	ol8_x86_64_appstream
	httpd-manual-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.noarch.rpm	b85c1f1551416b72ebe60e0687240e452f4850d4fa4a1fa8aaa5d0b3f0df5af2	-	ol8_x86_64_appstream
	httpd-tools-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm	efb8e9ead825bddfaa3e87f1b71c15821a531cdd72b32f0ba43951da9f241e62	-	ol8_x86_64_appstream
	mod_http2-1.15.7-8.module+el8.8.0+21057+13668aee.3.x86_64.rpm	43e2f09c9ede0c43a792195c2161900a2c15d4eb639661cd8bdf29fdd9a48c07	-	ol8_x86_64_appstream
	mod_ldap-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm	80ba69b8bec9fd4ab97b042c7183b483852f0964ec82b7568c69075b05cc9d8a	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm	b82d8f3ba74d9b384ac1f3557beac8bdc03cdcce1f34b6d3f87251acd182b9fb	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm	b82d8f3ba74d9b384ac1f3557beac8bdc03cdcce1f34b6d3f87251acd182b9fb	-	ol8_x86_64_appstream_developer
	mod_proxy_html-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm	305fa4330af1d36c2fe773d97cd1776a94a5565a5465b8f35ff813db7473c62e	-	ol8_x86_64_appstream
	mod_session-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm	214dcec67e4a2dffa2675dace6b631a2217bde6e13214552865a861ca82e03ed	-	ol8_x86_64_appstream
	mod_ssl-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm	f5eb1c26313e1d8305a8f6ae25af429c2c4a99779a413ef385815ef4b2e93fc2	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691