ELSA-2024-3121

ULN >
Oracle Linux Errata repository >
ELSA-2024-3121

ELSA-2024-3121 - httpd:2.4 security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2024-05-24

Description

httpd
[2.4.37-64.0.1]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-64]
- Resolves: RHEL-14448 - httpd: mod_macro: out-of-bounds read
vulnerability (CVE-2023-31122)

[2.4.37-63]
- mod_xml2enc: fix media type handling
Resolves: RHEL-14321

mod_http2
[1.15.7-10]
- Resolves: RHEL-29817 - httpd:2.4/mod_http2: httpd: CONTINUATION frames
DoS (CVE-2024-27316)

[1.15.7-9.3]
- Resolves: RHEL-13367 - httpd:2.4/mod_http2: reset requests exhaust memory
(incomplete fix of CVE-2023-44487)(CVE-2023-45802)

[1.15.7-8.3]
- Resolves: #2177748 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting
with mod_rewrite and mod_proxy

[1.15.7-7]
- Resolves: #2095650 - Dependency from mod_http2 on httpd broken

[1.15.7-6]
- Backport SNI feature refactor
- Resolves: rhbz#2137257

[1.15.7-5]
- Resolves: #2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference
or SSRF in forward proxy configurations

[1.15.7-4]
- Resolves: #1966728 - CVE-2021-33193 httpd:2.4/mod_http2: httpd:
Request splitting via HTTP/2 method injection and mod_proxy

[1.15.7-3]
- Resolves: #1869077 - CVE-2020-11993 httpd:2.4/mod_http2: httpd:
mod_http2 concurrent pool usage

[1.15.7-2]
- Resolves: #1869073 - CVE-2020-9490 httpd:2.4/mod_http2: httpd:
Push diary crash on specifically crafted HTTP/2 header

[1.15.7-1]
- new version 1.15.7
- Resolves: #1814236 - RFE: mod_http2 rebase
- Resolves: #1747289 - CVE-2019-10082 httpd:2.4/mod_http2: httpd:
read-after-free in h2 connection shutdown
- Resolves: #1696099 - CVE-2019-0197 httpd:2.4/mod_http2: httpd:
mod_http2: possible crash on late upgrade
- Resolves: #1696094 - CVE-2019-0196 httpd:2.4/mod_http2: httpd:
mod_http2: read-after-free on a string compare
- Resolves: #1677591 - CVE-2018-17189 httpd:2.4/mod_http2: httpd:
mod_http2: DoS via slow, unneeded request bodies

[1.11.3-3]
- Resolves: #1744999 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount
of data request leads to denial of service
- Resolves: #1745086 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length
headers leads to denial of service
- Resolves: #1745154 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request for
large response leads to denial of service

[1.11.3-2]
- update release (#1695587)

[1.11.3-1]
- new version 1.11.3
- Resolves: #1633401 - CVE-2018-11763 mod_http2: httpd: DoS for HTTP/2
connections by continuous SETTINGS

[1.10.20-1]
- update to 1.10.20

[1.10.18-1]
- update to 1.10.18

[1.10.16-1]
- update to 1.10.16 (CVE-2018-1302)

[1.10.13-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[1.10.13-1]
- update to 1.10.13

[1.10.12-1]
- update to 1.10.12

[1.10.10-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[1.10.10-1]
- update to 1.10.10

[1.10.7-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[1.10.7-1]
- update to 1.10.7

[1.10.6-1]
- update to 1.10.6

[1.10.5-1]
- update to 1.10.5

[1.10.1-1]
- Initial import (#1440780).

mod_md

Related CVEs

CVE-2023-31122

CVE-2023-45802

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	httpd-2.4.37-64.module+el8.10.0+90271+3bc76a16.src.rpm	61be3817f04bda6467c96d165b3e1831067c4338eb814d8d763ca2b7b7116929	-	ol8_aarch64_appstream
	mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.src.rpm	ecc69f6e35eaf855e6b5c80e1d11da974cf93d0a059329a87ba180f0e148f2e6	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.src.rpm	b87cd8c00082bf38a8aefb4fbac1eab758639da7e4dfe2387c661fb396a928c0	-	ol8_aarch64_appstream
	httpd-2.4.37-64.module+el8.10.0+90271+3bc76a16.aarch64.rpm	a39340b38607cc32d23b4501d323b4370fe0b4824fda98ed50a0854ad365f543	-	ol8_aarch64_appstream
	httpd-devel-2.4.37-64.module+el8.10.0+90271+3bc76a16.aarch64.rpm	75bf7ca8590cbcb0f3bf29b5f53b1d41a7ee17e2e8a47aba2c91a8ed2f3a2b49	-	ol8_aarch64_appstream
	httpd-filesystem-2.4.37-64.module+el8.10.0+90271+3bc76a16.noarch.rpm	e05e64538b78862d5a65f9dd2fa5bd1818453198ca8b0bca127600ea05c46c5d	-	ol8_aarch64_appstream
	httpd-manual-2.4.37-64.module+el8.10.0+90271+3bc76a16.noarch.rpm	a3f637dd96a61a481b553779029138608b829315d51d3f6614fb3ab9eeee3df4	-	ol8_aarch64_appstream
	httpd-tools-2.4.37-64.module+el8.10.0+90271+3bc76a16.aarch64.rpm	3066e19d7a102d78cba2041cb8a5b14ebc4d72c74a015670010c82847b75fd93	-	ol8_aarch64_appstream
	mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.aarch64.rpm	2d6f1764d543f08c111797b633efe8fdedb09e700bfa33786fcac45db15b2081	-	ol8_aarch64_appstream
	mod_ldap-2.4.37-64.module+el8.10.0+90271+3bc76a16.aarch64.rpm	2e606442a2db9b7b2a574cd3b6d0098e6bb5b4837aca23b893974e6ff709069c	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.aarch64.rpm	09a6be461741ad2673d307ce619821ea92b3acadfc247ab13d17267c1c6011a6	-	ol8_aarch64_appstream
	mod_proxy_html-2.4.37-64.module+el8.10.0+90271+3bc76a16.aarch64.rpm	90d7dc0cecc671ca1195dbfa915734036d719e0e07be2e09db0492b6cf88b732	-	ol8_aarch64_appstream
	mod_session-2.4.37-64.module+el8.10.0+90271+3bc76a16.aarch64.rpm	15007eb4fc62ec1ead0c3d352be5c506d031f04a78e56e9e7e37d282f9c55aa3	-	ol8_aarch64_appstream
	mod_ssl-2.4.37-64.module+el8.10.0+90271+3bc76a16.aarch64.rpm	76a66679973581b7e8245cb7f02f77742e57d6440229bc39ceef68a02059bc2b	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	httpd-2.4.37-64.module+el8.10.0+90271+3bc76a16.src.rpm	61be3817f04bda6467c96d165b3e1831067c4338eb814d8d763ca2b7b7116929	-	ol8_x86_64_appstream
	mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.src.rpm	ecc69f6e35eaf855e6b5c80e1d11da974cf93d0a059329a87ba180f0e148f2e6	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.src.rpm	b87cd8c00082bf38a8aefb4fbac1eab758639da7e4dfe2387c661fb396a928c0	-	ol8_x86_64_appstream
	httpd-2.4.37-64.module+el8.10.0+90271+3bc76a16.x86_64.rpm	3b9dec479cdb69663cab289000baca0e790f1e3f4c4ce746495abc75b0090d61	-	ol8_x86_64_appstream
	httpd-devel-2.4.37-64.module+el8.10.0+90271+3bc76a16.x86_64.rpm	e25ec86631050ac27039d19cbbb5f9fc6c9cfac8b76d785b3f4643208f12029b	-	ol8_x86_64_appstream
	httpd-filesystem-2.4.37-64.module+el8.10.0+90271+3bc76a16.noarch.rpm	e05e64538b78862d5a65f9dd2fa5bd1818453198ca8b0bca127600ea05c46c5d	-	ol8_x86_64_appstream
	httpd-manual-2.4.37-64.module+el8.10.0+90271+3bc76a16.noarch.rpm	a3f637dd96a61a481b553779029138608b829315d51d3f6614fb3ab9eeee3df4	-	ol8_x86_64_appstream
	httpd-tools-2.4.37-64.module+el8.10.0+90271+3bc76a16.x86_64.rpm	0d57fe23ee5c272ab9e907e53d5a3caba15964d8a5546d623f4a12def6463412	-	ol8_x86_64_appstream
	mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.x86_64.rpm	19a5a686f9dcf69a5147d9118bef9c01d8e5bd081e8fe48d69dfd02516633523	-	ol8_x86_64_appstream
	mod_ldap-2.4.37-64.module+el8.10.0+90271+3bc76a16.x86_64.rpm	a7f00c7eef7491ef407708c972fea6582590a795bca37611e97435a104095294	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.x86_64.rpm	48e6e9c15ca6394c944f472135dd176c00267760d8f627ddb37e95407ebacbbb	-	ol8_x86_64_appstream
	mod_proxy_html-2.4.37-64.module+el8.10.0+90271+3bc76a16.x86_64.rpm	46896fa9da735c7b777c4251fecabb4224f9a79a7a8252eddb83bc167e90ac15	-	ol8_x86_64_appstream
	mod_session-2.4.37-64.module+el8.10.0+90271+3bc76a16.x86_64.rpm	bf570a7a5dc30ee86274a2535d50968eb4bb26661f6e4d511b0a62cd1bf797fc	-	ol8_x86_64_appstream
	mod_ssl-2.4.37-64.module+el8.10.0+90271+3bc76a16.x86_64.rpm	183198e1d7dff7d6938dcaed9992a87ef4ad05a44abf686495a5d2a2cc2a53f9	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691