ELSA-2024-4720

ULN >
Oracle Linux Errata repository >
ELSA-2024-4720

ELSA-2024-4720 - httpd:2.4 security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2024-07-23

Description

httpd
[2.4.37-65.0.1.1]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-65.1]
- Resolves: RHEL-45812 - httpd:2.4/httpd: Substitution encoding issue
in mod_rewrite (CVE-2024-38474)
- Resolves: RHEL-45785 - httpd:2.4/httpd: Encoding problem in
mod_proxy (CVE-2024-38473)
- Resolves: RHEL-45777 - httpd:2.4/httpd: Improper escaping of output
in mod_rewrite (CVE-2024-38475)
- Resolves: RHEL-45758 - httpd:2.4/httpd: null pointer dereference
in mod_proxy (CVE-2024-38477)
- Resolves: RHEL-45743 - httpd:2.4/httpd: Potential SSRF
in mod_rewrite (CVE-2024-39573)

mod_http2
mod_md

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	httpd-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.src.rpm	84fd4b468593c12d9fc83f865f0bb5a2cdf4e414fefe093c0c40664f36f20dc4	-	ol8_aarch64_appstream
	mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.src.rpm	ecc69f6e35eaf855e6b5c80e1d11da974cf93d0a059329a87ba180f0e148f2e6	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.src.rpm	b87cd8c00082bf38a8aefb4fbac1eab758639da7e4dfe2387c661fb396a928c0	-	ol8_aarch64_appstream
	httpd-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm	d63fbb81ec4854340ef7a119215823d6dcd6ca3080c3dc4a46adfeaf8539d745	-	ol8_aarch64_appstream
	httpd-devel-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm	3d34bd71f00955b5c5127e15d9e2743b786b9fcbcb536f20ea796a33660c85f9	-	ol8_aarch64_appstream
	httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.noarch.rpm	a0b63636fbed8cc09989fb0e9a04c4fa6a3a094fe43e1b475ac2c81955878fe6	-	ol8_aarch64_appstream
	httpd-manual-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.noarch.rpm	861d82384ca237ffe3e6ee998a106a96fad307e4445b35f6df35ade542ca10b9	-	ol8_aarch64_appstream
	httpd-tools-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm	f92b1ebe11618590789a9ebdd9a37581f0bddcbffbd9f557db1d4d71bdf7bb01	-	ol8_aarch64_appstream
	mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.aarch64.rpm	2d6f1764d543f08c111797b633efe8fdedb09e700bfa33786fcac45db15b2081	-	ol8_aarch64_appstream
	mod_ldap-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm	b12ee28dfa5dbbf4799e9145c65c2fb1a16906e875ce6eaad87246800e0c5b19	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.aarch64.rpm	09a6be461741ad2673d307ce619821ea92b3acadfc247ab13d17267c1c6011a6	-	ol8_aarch64_appstream
	mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm	d9e975ea1dee969970fc92064f839bbb23d0ac9360ac51133fe7ae3aa1894840	-	ol8_aarch64_appstream
	mod_session-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm	b04b20ddd07e34ce257f5e9f0655beeb7ae5a626355e321f2f7d99c6224fea41	-	ol8_aarch64_appstream
	mod_ssl-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm	ddbae2ef21acd3e2621e573d89f364a0d8ff17cba5e2eaf9ab551ba692fbd504	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	httpd-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.src.rpm	84fd4b468593c12d9fc83f865f0bb5a2cdf4e414fefe093c0c40664f36f20dc4	-	ol8_x86_64_appstream
	mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.src.rpm	ecc69f6e35eaf855e6b5c80e1d11da974cf93d0a059329a87ba180f0e148f2e6	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.src.rpm	b87cd8c00082bf38a8aefb4fbac1eab758639da7e4dfe2387c661fb396a928c0	-	ol8_x86_64_appstream
	httpd-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm	7813a4c9834ac7cdea6265337985bab22a32320641edcfa271a2a3b9e0edefc8	-	ol8_x86_64_appstream
	httpd-devel-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm	38a28efd6beb9e8df1ad02dabeba10dba2e36a48968ee6dced0a9b9dfd005442	-	ol8_x86_64_appstream
	httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.noarch.rpm	a0b63636fbed8cc09989fb0e9a04c4fa6a3a094fe43e1b475ac2c81955878fe6	-	ol8_x86_64_appstream
	httpd-manual-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.noarch.rpm	861d82384ca237ffe3e6ee998a106a96fad307e4445b35f6df35ade542ca10b9	-	ol8_x86_64_appstream
	httpd-tools-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm	5708cc7978d182faf542b91976b8f7e0ff623fd41adca7b5595482756e694213	-	ol8_x86_64_appstream
	mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.x86_64.rpm	19a5a686f9dcf69a5147d9118bef9c01d8e5bd081e8fe48d69dfd02516633523	-	ol8_x86_64_appstream
	mod_ldap-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm	880267a9d4f00776049f02d7ceee66345a0cb6aeca282a777b4f3c8f57ab3681	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.x86_64.rpm	48e6e9c15ca6394c944f472135dd176c00267760d8f627ddb37e95407ebacbbb	-	ol8_x86_64_appstream
	mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm	b1e92d9c8ad1bc9f49f8335cceb0cdb39020aa9376b9e53cadc22d4e99f8ea42	-	ol8_x86_64_appstream
	mod_session-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm	bb1508f682644cb0e26e3307fb8961708aa40157b448bed95b0a1c18419eb1a8	-	ol8_x86_64_appstream
	mod_ssl-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm	d2b44133e9386214594f67d544d347bb58e502875d525c933ddf01070d180a37	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691