ELSA-2024-4720

ULN >
Oracle Linux Errata repository >
ELSA-2024-4720

ELSA-2024-4720 - httpd:2.4 security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2024-07-23

Description

httpd
[2.4.37-65.0.1.1]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-65.1]
- Resolves: RHEL-45812 - httpd:2.4/httpd: Substitution encoding issue
in mod_rewrite (CVE-2024-38474)
- Resolves: RHEL-45785 - httpd:2.4/httpd: Encoding problem in
mod_proxy (CVE-2024-38473)
- Resolves: RHEL-45777 - httpd:2.4/httpd: Improper escaping of output
in mod_rewrite (CVE-2024-38475)
- Resolves: RHEL-45758 - httpd:2.4/httpd: null pointer dereference
in mod_proxy (CVE-2024-38477)
- Resolves: RHEL-45743 - httpd:2.4/httpd: Potential SSRF
in mod_rewrite (CVE-2024-39573)

mod_http2
mod_md

Related CVEs

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	httpd-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.src.rpm	4afebcfc9c0e692431c711bceef3e3bc	-	ol8_aarch64_appstream
	mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.src.rpm	cfad3ce0620e49673cb9c5f948265264	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.src.rpm	57baf2f70c9de0a1ab3a4a39fb97b4a0	-	ol8_aarch64_appstream
	httpd-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm	2a4cd98f5b37fa7ca9b7c13c484ff5c0	-	ol8_aarch64_appstream
	httpd-devel-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm	c1028ce19ad2afb9e99f95659a7de0df	-	ol8_aarch64_appstream
	httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.noarch.rpm	38dcc906b23d30edb71303a6e618045d	-	ol8_aarch64_appstream
	httpd-manual-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.noarch.rpm	62abf5983129665ff58ff794d6aeffac	-	ol8_aarch64_appstream
	httpd-tools-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm	3825474b66cf8a5247bd331d385c767c	-	ol8_aarch64_appstream
	mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.aarch64.rpm	7a4232cd2fee5cf07d4b6cfd120ae5e8	-	ol8_aarch64_appstream
	mod_ldap-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm	ff0921549a898d9b0a922458933a997e	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.aarch64.rpm	e0cdd2c7bbe8ba7cf3614b973dd7eb66	-	ol8_aarch64_appstream
	mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm	62e573eae1c038a4549fe54516f3bbab	-	ol8_aarch64_appstream
	mod_session-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm	50bed9d5cec572c4b9beb012e03ee1f6	-	ol8_aarch64_appstream
	mod_ssl-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm	c98e1768a9fd6dc592f38382066d7d59	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	httpd-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.src.rpm	4afebcfc9c0e692431c711bceef3e3bc	-	ol8_x86_64_appstream
	mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.src.rpm	cfad3ce0620e49673cb9c5f948265264	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.src.rpm	57baf2f70c9de0a1ab3a4a39fb97b4a0	-	ol8_x86_64_appstream
	httpd-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm	c52bed777c308817646e78733d0f04c5	-	ol8_x86_64_appstream
	httpd-devel-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm	53db0ad96da080d0da22f2a476db9231	-	ol8_x86_64_appstream
	httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.noarch.rpm	38dcc906b23d30edb71303a6e618045d	-	ol8_x86_64_appstream
	httpd-manual-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.noarch.rpm	62abf5983129665ff58ff794d6aeffac	-	ol8_x86_64_appstream
	httpd-tools-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm	27f876b93ada64885efa8849f294ebe1	-	ol8_x86_64_appstream
	mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.x86_64.rpm	ad14667bc0eddafff0e6adcad3f51b6b	-	ol8_x86_64_appstream
	mod_ldap-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm	e3d80672f07254302e3554dd765ebac6	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.x86_64.rpm	50f77dc288425f1cdee5d05760c7dccb	-	ol8_x86_64_appstream
	mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm	9aa2093051ee47f8a357924e56b290b3	-	ol8_x86_64_appstream
	mod_session-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm	0279ab0736bb7ad1e4c904c9267af7ea	-	ol8_x86_64_appstream
	mod_ssl-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm	4e79a99fb058b401fe91222d6acce2c3	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

Oracle customers - enter a support request
Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691