ELSA-2024-4943

ELSA-2024-4943 - httpd security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2024-09-13

Description

[2.4.6-99.0.3.1]
- Opt-ins for unsafe prefix_stat and %3f [Orabug: 36904263][CVE-2024-38474][CVE-2024-38475]
- mod_proxy: validate hostname [Orabug: 36904263][CVE-2024-38477]

Related CVEs

CVE-2024-38477

CVE-2024-38475

CVE-2024-38474

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label
Oracle Linux 7 (aarch64)	httpd-2.4.6-99.0.3.el7_9.1.src.rpm	085670aaa0b5a62c65812f29010c210d	-	ol7_aarch64_latest
	httpd-2.4.6-99.0.3.el7_9.1.src.rpm	085670aaa0b5a62c65812f29010c210d	-	ol7_aarch64_optional_latest
	httpd-2.4.6-99.0.3.el7_9.1.src.rpm	085670aaa0b5a62c65812f29010c210d	-	ol7_aarch64_u9_patch
	httpd-2.4.6-99.0.3.el7_9.1.aarch64.rpm	3c866ddf93083a580b9cd33fa996a9ed	-	ol7_aarch64_latest
	httpd-2.4.6-99.0.3.el7_9.1.aarch64.rpm	3c866ddf93083a580b9cd33fa996a9ed	-	ol7_aarch64_u9_patch
	httpd-devel-2.4.6-99.0.3.el7_9.1.aarch64.rpm	17f9298c6be9bb03a13aee01d85165d2	-	ol7_aarch64_latest
	httpd-devel-2.4.6-99.0.3.el7_9.1.aarch64.rpm	17f9298c6be9bb03a13aee01d85165d2	-	ol7_aarch64_u9_patch
	httpd-manual-2.4.6-99.0.3.el7_9.1.noarch.rpm	d2a6e0ae95cf50b494fccf0089db59fd	-	ol7_aarch64_latest
	httpd-manual-2.4.6-99.0.3.el7_9.1.noarch.rpm	d2a6e0ae95cf50b494fccf0089db59fd	-	ol7_aarch64_u9_patch
	httpd-tools-2.4.6-99.0.3.el7_9.1.aarch64.rpm	000101c91d52bb91f227e3cc45c81599	-	ol7_aarch64_latest
	httpd-tools-2.4.6-99.0.3.el7_9.1.aarch64.rpm	000101c91d52bb91f227e3cc45c81599	-	ol7_aarch64_u9_patch
	mod_ldap-2.4.6-99.0.3.el7_9.1.aarch64.rpm	5f9dcc5c2de0d20e6c49a2673d4f4f42	-	ol7_aarch64_optional_latest
	mod_proxy_html-2.4.6-99.0.3.el7_9.1.aarch64.rpm	5191199bf63a05163ec7092db10e3ef8	-	ol7_aarch64_optional_latest
	mod_session-2.4.6-99.0.3.el7_9.1.aarch64.rpm	0030e12a7571d7e6d7f7937db5a69987	-	ol7_aarch64_latest
	mod_session-2.4.6-99.0.3.el7_9.1.aarch64.rpm	0030e12a7571d7e6d7f7937db5a69987	-	ol7_aarch64_u9_patch
	mod_ssl-2.4.6-99.0.3.el7_9.1.aarch64.rpm	dd07eb54cc52f7f74a9a10c83d668fb6	-	ol7_aarch64_latest
	mod_ssl-2.4.6-99.0.3.el7_9.1.aarch64.rpm	dd07eb54cc52f7f74a9a10c83d668fb6	-	ol7_aarch64_u9_patch
Oracle Linux 7 (x86_64)	httpd-2.4.6-99.0.3.el7_9.1.src.rpm	085670aaa0b5a62c65812f29010c210d	-	ol7_x86_64_latest
	httpd-2.4.6-99.0.3.el7_9.1.src.rpm	085670aaa0b5a62c65812f29010c210d	-	ol7_x86_64_optional_latest
	httpd-2.4.6-99.0.3.el7_9.1.src.rpm	085670aaa0b5a62c65812f29010c210d	-	ol7_x86_64_u9_patch
	httpd-2.4.6-99.0.3.el7_9.1.x86_64.rpm	14375e3f5c1bc6f83094083df263d496	-	ol7_x86_64_latest
	httpd-2.4.6-99.0.3.el7_9.1.x86_64.rpm	14375e3f5c1bc6f83094083df263d496	-	ol7_x86_64_u9_patch
	httpd-devel-2.4.6-99.0.3.el7_9.1.x86_64.rpm	22e6f93e193eb972178f8f0f5337cf11	-	ol7_x86_64_latest
	httpd-devel-2.4.6-99.0.3.el7_9.1.x86_64.rpm	22e6f93e193eb972178f8f0f5337cf11	-	ol7_x86_64_u9_patch
	httpd-manual-2.4.6-99.0.3.el7_9.1.noarch.rpm	d2a6e0ae95cf50b494fccf0089db59fd	-	ol7_x86_64_latest
	httpd-manual-2.4.6-99.0.3.el7_9.1.noarch.rpm	d2a6e0ae95cf50b494fccf0089db59fd	-	ol7_x86_64_u9_patch
	httpd-tools-2.4.6-99.0.3.el7_9.1.x86_64.rpm	3f42b04d0215560b4366474a0627f1b0	-	ol7_x86_64_latest
	httpd-tools-2.4.6-99.0.3.el7_9.1.x86_64.rpm	3f42b04d0215560b4366474a0627f1b0	-	ol7_x86_64_u9_patch
	mod_ldap-2.4.6-99.0.3.el7_9.1.x86_64.rpm	da1a0aa186782c402aff535cc46dcece	-	ol7_x86_64_optional_latest
	mod_proxy_html-2.4.6-99.0.3.el7_9.1.x86_64.rpm	d778c0d006cf34d5529e54782ebeb426	-	ol7_x86_64_optional_latest
	mod_session-2.4.6-99.0.3.el7_9.1.x86_64.rpm	727c11ad251f71b0323992331cb6ca22	-	ol7_x86_64_latest
	mod_session-2.4.6-99.0.3.el7_9.1.x86_64.rpm	727c11ad251f71b0323992331cb6ca22	-	ol7_x86_64_u9_patch
	mod_ssl-2.4.6-99.0.3.el7_9.1.x86_64.rpm	6d7a072cc255bcfdbc7bf60ceeda0e12	-	ol7_x86_64_latest
	mod_ssl-2.4.6-99.0.3.el7_9.1.x86_64.rpm	6d7a072cc255bcfdbc7bf60ceeda0e12	-	ol7_x86_64_u9_patch