ELSA-2024-4943

ELSA-2024-4943 - httpd security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2024-09-13

Description


[2.4.6-99.0.3.1]
- Opt-ins for unsafe prefix_stat and %3f [Orabug: 36904263][CVE-2024-38474][CVE-2024-38475]
- mod_proxy: validate hostname [Orabug: 36904263][CVE-2024-38477]


Related CVEs


CVE-2024-38477
CVE-2024-38475
CVE-2024-38474

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By AdvisoryChannel Label
Oracle Linux 7 (aarch64) httpd-2.4.6-99.0.3.el7_9.1.src.rpm085670aaa0b5a62c65812f29010c210d-ol7_aarch64_latest
httpd-2.4.6-99.0.3.el7_9.1.src.rpm085670aaa0b5a62c65812f29010c210d-ol7_aarch64_optional_latest
httpd-2.4.6-99.0.3.el7_9.1.src.rpm085670aaa0b5a62c65812f29010c210d-ol7_aarch64_u9_patch
httpd-2.4.6-99.0.3.el7_9.1.aarch64.rpm3c866ddf93083a580b9cd33fa996a9ed-ol7_aarch64_latest
httpd-2.4.6-99.0.3.el7_9.1.aarch64.rpm3c866ddf93083a580b9cd33fa996a9ed-ol7_aarch64_u9_patch
httpd-devel-2.4.6-99.0.3.el7_9.1.aarch64.rpm17f9298c6be9bb03a13aee01d85165d2-ol7_aarch64_latest
httpd-devel-2.4.6-99.0.3.el7_9.1.aarch64.rpm17f9298c6be9bb03a13aee01d85165d2-ol7_aarch64_u9_patch
httpd-manual-2.4.6-99.0.3.el7_9.1.noarch.rpmd2a6e0ae95cf50b494fccf0089db59fd-ol7_aarch64_latest
httpd-manual-2.4.6-99.0.3.el7_9.1.noarch.rpmd2a6e0ae95cf50b494fccf0089db59fd-ol7_aarch64_u9_patch
httpd-tools-2.4.6-99.0.3.el7_9.1.aarch64.rpm000101c91d52bb91f227e3cc45c81599-ol7_aarch64_latest
httpd-tools-2.4.6-99.0.3.el7_9.1.aarch64.rpm000101c91d52bb91f227e3cc45c81599-ol7_aarch64_u9_patch
mod_ldap-2.4.6-99.0.3.el7_9.1.aarch64.rpm5f9dcc5c2de0d20e6c49a2673d4f4f42-ol7_aarch64_optional_latest
mod_proxy_html-2.4.6-99.0.3.el7_9.1.aarch64.rpm5191199bf63a05163ec7092db10e3ef8-ol7_aarch64_optional_latest
mod_session-2.4.6-99.0.3.el7_9.1.aarch64.rpm0030e12a7571d7e6d7f7937db5a69987-ol7_aarch64_latest
mod_session-2.4.6-99.0.3.el7_9.1.aarch64.rpm0030e12a7571d7e6d7f7937db5a69987-ol7_aarch64_u9_patch
mod_ssl-2.4.6-99.0.3.el7_9.1.aarch64.rpmdd07eb54cc52f7f74a9a10c83d668fb6-ol7_aarch64_latest
mod_ssl-2.4.6-99.0.3.el7_9.1.aarch64.rpmdd07eb54cc52f7f74a9a10c83d668fb6-ol7_aarch64_u9_patch
Oracle Linux 7 (x86_64) httpd-2.4.6-99.0.3.el7_9.1.src.rpm085670aaa0b5a62c65812f29010c210d-ol7_x86_64_latest
httpd-2.4.6-99.0.3.el7_9.1.src.rpm085670aaa0b5a62c65812f29010c210d-ol7_x86_64_optional_latest
httpd-2.4.6-99.0.3.el7_9.1.src.rpm085670aaa0b5a62c65812f29010c210d-ol7_x86_64_u9_patch
httpd-2.4.6-99.0.3.el7_9.1.x86_64.rpm14375e3f5c1bc6f83094083df263d496-ol7_x86_64_latest
httpd-2.4.6-99.0.3.el7_9.1.x86_64.rpm14375e3f5c1bc6f83094083df263d496-ol7_x86_64_u9_patch
httpd-devel-2.4.6-99.0.3.el7_9.1.x86_64.rpm22e6f93e193eb972178f8f0f5337cf11-ol7_x86_64_latest
httpd-devel-2.4.6-99.0.3.el7_9.1.x86_64.rpm22e6f93e193eb972178f8f0f5337cf11-ol7_x86_64_u9_patch
httpd-manual-2.4.6-99.0.3.el7_9.1.noarch.rpmd2a6e0ae95cf50b494fccf0089db59fd-ol7_x86_64_latest
httpd-manual-2.4.6-99.0.3.el7_9.1.noarch.rpmd2a6e0ae95cf50b494fccf0089db59fd-ol7_x86_64_u9_patch
httpd-tools-2.4.6-99.0.3.el7_9.1.x86_64.rpm3f42b04d0215560b4366474a0627f1b0-ol7_x86_64_latest
httpd-tools-2.4.6-99.0.3.el7_9.1.x86_64.rpm3f42b04d0215560b4366474a0627f1b0-ol7_x86_64_u9_patch
mod_ldap-2.4.6-99.0.3.el7_9.1.x86_64.rpmda1a0aa186782c402aff535cc46dcece-ol7_x86_64_optional_latest
mod_proxy_html-2.4.6-99.0.3.el7_9.1.x86_64.rpmd778c0d006cf34d5529e54782ebeb426-ol7_x86_64_optional_latest
mod_session-2.4.6-99.0.3.el7_9.1.x86_64.rpm727c11ad251f71b0323992331cb6ca22-ol7_x86_64_latest
mod_session-2.4.6-99.0.3.el7_9.1.x86_64.rpm727c11ad251f71b0323992331cb6ca22-ol7_x86_64_u9_patch
mod_ssl-2.4.6-99.0.3.el7_9.1.x86_64.rpm6d7a072cc255bcfdbc7bf60ceeda0e12-ol7_x86_64_latest
mod_ssl-2.4.6-99.0.3.el7_9.1.x86_64.rpm6d7a072cc255bcfdbc7bf60ceeda0e12-ol7_x86_64_u9_patch


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete