ELSA-2024-5138

ELSA-2024-5138 - httpd security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2024-08-08

Description

[2.4.57-11.0.1.el9_4.1]
- Replace index.html with Oracle's index page oracle_index.html.

[2.4.57-11.1]
- Resolves: RHEL-46047 - httpd: Security issues via backend applications whose
response headers are malicious or exploitable (CVE-2024-38476)
- Resolves: RHEL-53021 - Regression introduced by CVE-2024-38474 fix

Related CVEs

CVE-2024-38476

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 9 (aarch64)	httpd-2.4.57-11.0.1.el9_4.1.src.rpm	dc24e70efcb6bb634cc73fb70d0f64b2ecce83353247164dca5b18bccf39451e	-	ol9_aarch64_appstream
	httpd-2.4.57-11.0.1.el9_4.1.aarch64.rpm	bd0bcb8f759d0f8942c69391b682a41e2b18b9fe9e370c8e17578d435f18d019	-	ol9_aarch64_appstream
	httpd-core-2.4.57-11.0.1.el9_4.1.aarch64.rpm	0659db6d58bc0f0971b9e66e63a09a59d2bab49aff1464a152f2ed306cd7c4d3	-	ol9_aarch64_appstream
	httpd-devel-2.4.57-11.0.1.el9_4.1.aarch64.rpm	704c4f969fa2796e33f5462d1d9caac4029d8ef6262635bc0bc8910ae7c980d9	-	ol9_aarch64_appstream
	httpd-filesystem-2.4.57-11.0.1.el9_4.1.noarch.rpm	f2a2af9f9d664385176107bbcde726071cda45779bb2ac94bba575938f5b35d6	-	ol9_aarch64_appstream
	httpd-manual-2.4.57-11.0.1.el9_4.1.noarch.rpm	6ba34033180029c5040b1b1b71a5a27a5438da0015510e2b60d8ac1b5dd5d24f	-	ol9_aarch64_appstream
	httpd-tools-2.4.57-11.0.1.el9_4.1.aarch64.rpm	47cccef719cc4ac1446e77d06b4dfe9b65576ccd57b63db0abeda4989a2c33f8	-	ol9_aarch64_appstream
	mod_ldap-2.4.57-11.0.1.el9_4.1.aarch64.rpm	70b081fe6c83dcbd4df0153bc9d9f14cd3197b759ff737f4a9337949fff6f858	-	ol9_aarch64_appstream
	mod_lua-2.4.57-11.0.1.el9_4.1.aarch64.rpm	adbad3ca662141394b68440b55b2f85e4da906647e6ff5b1f2e423cb781d40f8	-	ol9_aarch64_appstream
	mod_proxy_html-2.4.57-11.0.1.el9_4.1.aarch64.rpm	e07bc8bb89e163530061f01c6fa1a47b394bdbc00ffdec82f9865495fba9f5bb	-	ol9_aarch64_appstream
	mod_session-2.4.57-11.0.1.el9_4.1.aarch64.rpm	277d7054d5ece733555f8c0b39125ed986a56e0ba623cb654e9ecaedadc60db7	-	ol9_aarch64_appstream
	mod_ssl-2.4.57-11.0.1.el9_4.1.aarch64.rpm	3263f5e815f707bf466db42a01a7ea70f8b2ecdfb97d73a1f51aa3632c9b330b	-	ol9_aarch64_appstream
Oracle Linux 9 (x86_64)	httpd-2.4.57-11.0.1.el9_4.1.src.rpm	dc24e70efcb6bb634cc73fb70d0f64b2ecce83353247164dca5b18bccf39451e	-	ol9_x86_64_appstream
	httpd-2.4.57-11.0.1.el9_4.1.x86_64.rpm	6b072d55dc7829f63146e8b15fe8f2bb6405028b23ae0e6bacc9eed33e52f5fe	-	ol9_x86_64_appstream
	httpd-core-2.4.57-11.0.1.el9_4.1.x86_64.rpm	fe2c38555f5d6795ef6b054d52e0f3bccb6fd5b2a7d7170f012b9b503924afbe	-	ol9_x86_64_appstream
	httpd-devel-2.4.57-11.0.1.el9_4.1.x86_64.rpm	d473592559cddc776a3a5425ebfe661db40732be49346fa23f921a1879462ad3	-	ol9_x86_64_appstream
	httpd-filesystem-2.4.57-11.0.1.el9_4.1.noarch.rpm	f2a2af9f9d664385176107bbcde726071cda45779bb2ac94bba575938f5b35d6	-	ol9_x86_64_appstream
	httpd-manual-2.4.57-11.0.1.el9_4.1.noarch.rpm	6ba34033180029c5040b1b1b71a5a27a5438da0015510e2b60d8ac1b5dd5d24f	-	ol9_x86_64_appstream
	httpd-tools-2.4.57-11.0.1.el9_4.1.x86_64.rpm	6f5f4ab745cbaa671206d1b12004b9438db4df1e23fb85385a643045c18d727a	-	ol9_x86_64_appstream
	mod_ldap-2.4.57-11.0.1.el9_4.1.x86_64.rpm	987abbe334482bf19c4b5598987f2978625ea6a49be5da20beddd726298ca401	-	ol9_x86_64_appstream
	mod_lua-2.4.57-11.0.1.el9_4.1.x86_64.rpm	6e34b194da8d1150d22f44f511302114a0ee1e5542a65257ee006b16c8c8db52	-	ol9_x86_64_appstream
	mod_proxy_html-2.4.57-11.0.1.el9_4.1.x86_64.rpm	791107e46b940a0dafb3a09f53e49a60d25af1586cd55281673b2be4b9a4c690	-	ol9_x86_64_appstream
	mod_session-2.4.57-11.0.1.el9_4.1.x86_64.rpm	542cab1cf634c01cdd87ac8f33c2ab4184fb22927e284f5f110fa6b5fdbd814b	-	ol9_x86_64_appstream
	mod_ssl-2.4.57-11.0.1.el9_4.1.x86_64.rpm	d2cc25beccbe241ee5b8043377a7a2c26259c63eedeef589323f3731fdeb0789	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team