Stay Connected:

ELSA-2023-6403

ELSA-2023-6403 - httpd and mod_http2 security, bug fix, and enhancement update

Type:SECURITY
Severity:MODERATE
Release Date:2023-11-11

Description


httpd
[2.4.57-5.0.1]
- Replace index.html with Oracle's index page oracle_index.html.

[2.4.57-5]
- Fix issue found by covscan
- Related: #2222001

[2.4.57-4]
- Resolves: #2217726 - Make PROPFIND tolerant of deletion race

[2.4.57-3]
- Resolves: #2222001 - mod_status lists BusyWorkers IdleWorkers keys twice

[2.4.57-2]
- Resolves: #2186645 - Fix issue found by covscan in httpd package
- Resolves: #2173295 - Include Apache httpd module mod_authnz_fcgi

[2.4.57-1]
- Resolves: #2184403 - rebase httpd to 2.4.57
- Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with
mod_rewrite and mod_proxy

mod_http2
[1.15.19-5]
- Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with
mod_rewrite and mod_proxy


Related CVEs


CVE-2023-27522

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) httpd-2.4.57-5.0.1.el9.src.rpm91709a1222631255de8e3070468aff63-ol9_aarch64_appstream
mod_http2-1.15.19-5.el9.src.rpm7c90c72621eb4c7b3801214075b111f6-ol9_aarch64_appstream
httpd-2.4.57-5.0.1.el9.aarch64.rpme1981c08953f7d05fdb7b4e6a3d35f3a-ol9_aarch64_appstream
httpd-core-2.4.57-5.0.1.el9.aarch64.rpm4092dd652186257b10a5fe4aa7f152f0-ol9_aarch64_appstream
httpd-devel-2.4.57-5.0.1.el9.aarch64.rpme7ddbc447a7a55b5265bd288853236ea-ol9_aarch64_appstream
httpd-filesystem-2.4.57-5.0.1.el9.noarch.rpm78c7a6eb4327d6e18b623346823abb89-ol9_aarch64_appstream
httpd-manual-2.4.57-5.0.1.el9.noarch.rpm2cf2f2cf2aba53445275370b7b1beddd-ol9_aarch64_appstream
httpd-tools-2.4.57-5.0.1.el9.aarch64.rpmeee6884aba23455ca87d1ec67189500a-ol9_aarch64_appstream
mod_http2-1.15.19-5.el9.aarch64.rpmc6220bb98b3ef783fbc7ad141758e4c6-ol9_aarch64_appstream
mod_ldap-2.4.57-5.0.1.el9.aarch64.rpm61cb3bf5c5c90ee022dd79d76a71ec5e-ol9_aarch64_appstream
mod_lua-2.4.57-5.0.1.el9.aarch64.rpm7caa3e8f77296cee1cdbbe066b36ca5f-ol9_aarch64_appstream
mod_proxy_html-2.4.57-5.0.1.el9.aarch64.rpm3e4a6eca847210768ec642a58ab4adf1-ol9_aarch64_appstream
mod_session-2.4.57-5.0.1.el9.aarch64.rpm8785410392da1d38731d8f73a255d5f5-ol9_aarch64_appstream
mod_ssl-2.4.57-5.0.1.el9.aarch64.rpm9113bd55fadae240bc0ed8e19d3f4219-ol9_aarch64_appstream
Oracle Linux 9 (x86_64) httpd-2.4.57-5.0.1.el9.src.rpm91709a1222631255de8e3070468aff63-ol9_x86_64_appstream
mod_http2-1.15.19-5.el9.src.rpm7c90c72621eb4c7b3801214075b111f6-ol9_x86_64_appstream
httpd-2.4.57-5.0.1.el9.x86_64.rpm83e3b71a4848438411dc588f1e244ed4-ol9_x86_64_appstream
httpd-core-2.4.57-5.0.1.el9.x86_64.rpm522ebe9e63587b9aa50723e377e13475-ol9_x86_64_appstream
httpd-devel-2.4.57-5.0.1.el9.x86_64.rpm0ee80539909c61802ba5d941420d6c40-ol9_x86_64_appstream
httpd-filesystem-2.4.57-5.0.1.el9.noarch.rpm78c7a6eb4327d6e18b623346823abb89-ol9_x86_64_appstream
httpd-manual-2.4.57-5.0.1.el9.noarch.rpm2cf2f2cf2aba53445275370b7b1beddd-ol9_x86_64_appstream
httpd-tools-2.4.57-5.0.1.el9.x86_64.rpme15ed05f837d1de47623f9ced37eb28d-ol9_x86_64_appstream
mod_http2-1.15.19-5.el9.x86_64.rpm7d01668074e4760364966303bae7f20b-ol9_x86_64_appstream
mod_ldap-2.4.57-5.0.1.el9.x86_64.rpmcac6d8f2a0a5c3fb8446f44ae5c9116c-ol9_x86_64_appstream
mod_lua-2.4.57-5.0.1.el9.x86_64.rpmf2216d24e1cd0c7a6519f734e5b89ed5-ol9_x86_64_appstream
mod_proxy_html-2.4.57-5.0.1.el9.x86_64.rpm15e5dfe109f0e3d06903bbf750049eb9-ol9_x86_64_appstream
mod_session-2.4.57-5.0.1.el9.x86_64.rpm9dd0c17ef4f5d8dd1ab23449cdf5c076-ol9_x86_64_appstream
mod_ssl-2.4.57-5.0.1.el9.x86_64.rpm579a773f16a7dc922a5f4bfb82121936-ol9_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights