ELSA-2023-6403

ULN >
Oracle Linux Errata repository >
ELSA-2023-6403

ELSA-2023-6403 - httpd and mod_http2 security, bug fix, and enhancement update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2023-11-11

Description

httpd
[2.4.57-5.0.1]
- Replace index.html with Oracle's index page oracle_index.html.

[2.4.57-5]
- Fix issue found by covscan
- Related: #2222001

[2.4.57-4]
- Resolves: #2217726 - Make PROPFIND tolerant of deletion race

[2.4.57-3]
- Resolves: #2222001 - mod_status lists BusyWorkers IdleWorkers keys twice

[2.4.57-2]
- Resolves: #2186645 - Fix issue found by covscan in httpd package
- Resolves: #2173295 - Include Apache httpd module mod_authnz_fcgi

[2.4.57-1]
- Resolves: #2184403 - rebase httpd to 2.4.57
- Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with
mod_rewrite and mod_proxy

mod_http2
[1.15.19-5]
- Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with
mod_rewrite and mod_proxy

Related CVEs

CVE-2023-27522

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	httpd-2.4.57-5.0.1.el9.src.rpm	b299e97c2e94b85404df64501786e3d2cb4d404f879d039294f0cfaeb4d26e3d	-	ol9_aarch64_appstream
	mod_http2-1.15.19-5.el9.src.rpm	e6c48e5f9dcebc720b11cd142429ff6e727536b9fb7a511abb2629c0622ca030	-	ol9_aarch64_appstream
	httpd-2.4.57-5.0.1.el9.aarch64.rpm	ab0967c5f3458a3da78252c92c2fba94f8ed664f78d9163b3adf1501bc8c2772	-	ol9_aarch64_appstream
	httpd-core-2.4.57-5.0.1.el9.aarch64.rpm	afdd90b86c2dcfbc025e234b82eaaebacc27cfbc0d8a6a31976e800b9ab6f5c3	-	ol9_aarch64_appstream
	httpd-devel-2.4.57-5.0.1.el9.aarch64.rpm	01f406a7c3011cdb89672bbad65e452ace464d8b50d0dc71ab9d4de39d2892c1	-	ol9_aarch64_appstream
	httpd-filesystem-2.4.57-5.0.1.el9.noarch.rpm	8800bf0f1680232b341649aea480efd8a1460c9489cb45d0fffa275e400b794e	-	ol9_aarch64_appstream
	httpd-manual-2.4.57-5.0.1.el9.noarch.rpm	80031484ea0907afb04e1b75fb136ccfd58713ab86419b7281e8e85f29b7f078	-	ol9_aarch64_appstream
	httpd-tools-2.4.57-5.0.1.el9.aarch64.rpm	aa14edfae24636c638115558a53c7adffee0624964d1ec636ec4bf9f75bf67e7	-	ol9_aarch64_appstream
	mod_http2-1.15.19-5.el9.aarch64.rpm	aa04a875ffc84712a1105130ae6f2206e91dc76587814d381aa98bf577595ffa	-	ol9_aarch64_appstream
	mod_ldap-2.4.57-5.0.1.el9.aarch64.rpm	ce1ef55c8810c5e67b8c9149fc301d391dfb55cf8018fb6f7e373ad41339a2aa	-	ol9_aarch64_appstream
	mod_lua-2.4.57-5.0.1.el9.aarch64.rpm	d589e8f00b76f40d587e24cd23c8113ac44518056d11cdbb0e18b888d42159e9	-	ol9_aarch64_appstream
	mod_proxy_html-2.4.57-5.0.1.el9.aarch64.rpm	24473cb4a06e24977bf94743ea0eaec9fc61ae18ddc1f0b95cf5b195c49aec54	-	ol9_aarch64_appstream
	mod_session-2.4.57-5.0.1.el9.aarch64.rpm	5ad4b9d253c1001fd1dc585a5522c9802dab18280335d39a13093a2156e57c0c	-	ol9_aarch64_appstream
	mod_ssl-2.4.57-5.0.1.el9.aarch64.rpm	b69c616b3636ebe8e79beff5e29e36982af8722cb719aa4b60faaefe8d2dce36	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	httpd-2.4.57-5.0.1.el9.src.rpm	b299e97c2e94b85404df64501786e3d2cb4d404f879d039294f0cfaeb4d26e3d	-	ol9_x86_64_appstream
	mod_http2-1.15.19-5.el9.src.rpm	e6c48e5f9dcebc720b11cd142429ff6e727536b9fb7a511abb2629c0622ca030	-	ol9_x86_64_appstream
	httpd-2.4.57-5.0.1.el9.x86_64.rpm	c80dbf5a290d4585692a942386412e658ca580baa33314efb32cefd0c6f485a1	-	ol9_x86_64_appstream
	httpd-core-2.4.57-5.0.1.el9.x86_64.rpm	91689e5d49b471c6fc489b56d07f35d8d0e4451be4038f5c50d647fd4bfef3bd	-	ol9_x86_64_appstream
	httpd-devel-2.4.57-5.0.1.el9.x86_64.rpm	c80e6c1497f864dbdc8136ecc5af332c6257de65e30fa520e10e5e3410e8ee66	-	ol9_x86_64_appstream
	httpd-filesystem-2.4.57-5.0.1.el9.noarch.rpm	8800bf0f1680232b341649aea480efd8a1460c9489cb45d0fffa275e400b794e	-	ol9_x86_64_appstream
	httpd-manual-2.4.57-5.0.1.el9.noarch.rpm	80031484ea0907afb04e1b75fb136ccfd58713ab86419b7281e8e85f29b7f078	-	ol9_x86_64_appstream
	httpd-tools-2.4.57-5.0.1.el9.x86_64.rpm	5fcb37b58b8ebbc22c6fce379feb01c8f2833fd7e68763bb9b16de3dec673bcc	-	ol9_x86_64_appstream
	mod_http2-1.15.19-5.el9.x86_64.rpm	1b077d4caa4cb84c82868151140e3199df7fe25695a660e69f247de9d77a742c	-	ol9_x86_64_appstream
	mod_ldap-2.4.57-5.0.1.el9.x86_64.rpm	3fa697afd6c14fb7629a8fee349577294910a354d0fdca13fc45279650ad62c0	-	ol9_x86_64_appstream
	mod_lua-2.4.57-5.0.1.el9.x86_64.rpm	36259afac955bb67d076c38e9d475ce27ef1026f27d0826543b98d20c9e3a025	-	ol9_x86_64_appstream
	mod_proxy_html-2.4.57-5.0.1.el9.x86_64.rpm	1db95b3e85e96bd9e8655b0c66a4dac4e0b94534ec174343507458eeea285f3b	-	ol9_x86_64_appstream
	mod_session-2.4.57-5.0.1.el9.x86_64.rpm	c49dce70966566b5b3571bbd36cb7511fadf3a4ec69c7dd1275bdedb0839b66a	-	ol9_x86_64_appstream
	mod_ssl-2.4.57-5.0.1.el9.x86_64.rpm	812fd5ae070da96a5b58565566f122349fc8b6de27d8e6a4440af3635ae53915	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691