ELSA-2024-5138

ULN >
Oracle Linux Errata repository >
ELSA-2024-5138

ELSA-2024-5138 - httpd security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2024-08-08

Description

[2.4.57-11.0.1.el9_4.1]
- Replace index.html with Oracle's index page oracle_index.html.

[2.4.57-11.1]
- Resolves: RHEL-46047 - httpd: Security issues via backend applications whose
response headers are malicious or exploitable (CVE-2024-38476)
- Resolves: RHEL-53021 - Regression introduced by CVE-2024-38474 fix

Related CVEs

CVE-2024-38476

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	httpd-2.4.57-11.0.1.el9_4.1.src.rpm	6839d04b1f474365134beb944d517793	-	ol9_aarch64_appstream
	httpd-2.4.57-11.0.1.el9_4.1.aarch64.rpm	6338f8d9b8557ff7f2df36e7fcc1fdd6	-	ol9_aarch64_appstream
	httpd-core-2.4.57-11.0.1.el9_4.1.aarch64.rpm	ac0251835927d3d15b4fa341e8b9db77	-	ol9_aarch64_appstream
	httpd-devel-2.4.57-11.0.1.el9_4.1.aarch64.rpm	ae8cbc972638ea8388f82aaf016d7e75	-	ol9_aarch64_appstream
	httpd-filesystem-2.4.57-11.0.1.el9_4.1.noarch.rpm	d3b2066816010c81d5eb7aec435e0275	-	ol9_aarch64_appstream
	httpd-manual-2.4.57-11.0.1.el9_4.1.noarch.rpm	7108ab45e480435b41d3bc1cebcea6d4	-	ol9_aarch64_appstream
	httpd-tools-2.4.57-11.0.1.el9_4.1.aarch64.rpm	9d39f17e3fb4b6bc9564ca635cdfe426	-	ol9_aarch64_appstream
	mod_ldap-2.4.57-11.0.1.el9_4.1.aarch64.rpm	7c0dbb7ec2f1714fa8dc662d8a9e6b32	-	ol9_aarch64_appstream
	mod_lua-2.4.57-11.0.1.el9_4.1.aarch64.rpm	eacd95a1f28a0f6c0730d7400175ad99	-	ol9_aarch64_appstream
	mod_proxy_html-2.4.57-11.0.1.el9_4.1.aarch64.rpm	5dbb57945c825855cec1794d71f7d52f	-	ol9_aarch64_appstream
	mod_session-2.4.57-11.0.1.el9_4.1.aarch64.rpm	9b363cfbcf2102cceec20c17c3ed3283	-	ol9_aarch64_appstream
	mod_ssl-2.4.57-11.0.1.el9_4.1.aarch64.rpm	495125d38622923fa85cf73b47aaa573	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	httpd-2.4.57-11.0.1.el9_4.1.src.rpm	6839d04b1f474365134beb944d517793	-	ol9_x86_64_appstream
	httpd-2.4.57-11.0.1.el9_4.1.x86_64.rpm	541dafb6121bebf1f0f3b23f83223fc2	-	ol9_x86_64_appstream
	httpd-core-2.4.57-11.0.1.el9_4.1.x86_64.rpm	873ac1b6380a474811f278ecc760e79c	-	ol9_x86_64_appstream
	httpd-devel-2.4.57-11.0.1.el9_4.1.x86_64.rpm	8a5d142c7ca92d8fb5b8ca18eaa2ed4e	-	ol9_x86_64_appstream
	httpd-filesystem-2.4.57-11.0.1.el9_4.1.noarch.rpm	d3b2066816010c81d5eb7aec435e0275	-	ol9_x86_64_appstream
	httpd-manual-2.4.57-11.0.1.el9_4.1.noarch.rpm	7108ab45e480435b41d3bc1cebcea6d4	-	ol9_x86_64_appstream
	httpd-tools-2.4.57-11.0.1.el9_4.1.x86_64.rpm	8044f9e8b1c89c982b2ca889fc938a90	-	ol9_x86_64_appstream
	mod_ldap-2.4.57-11.0.1.el9_4.1.x86_64.rpm	2c10a729528f5318255ba13813fc048c	-	ol9_x86_64_appstream
	mod_lua-2.4.57-11.0.1.el9_4.1.x86_64.rpm	1ef09d6e290a297027ca4f311dcfddd6	-	ol9_x86_64_appstream
	mod_proxy_html-2.4.57-11.0.1.el9_4.1.x86_64.rpm	6c6a96254a7509180dde63ab3b23c8b8	-	ol9_x86_64_appstream
	mod_session-2.4.57-11.0.1.el9_4.1.x86_64.rpm	b580d160d42550aa72e3fda02387b7c7	-	ol9_x86_64_appstream
	mod_ssl-2.4.57-11.0.1.el9_4.1.x86_64.rpm	79a638239dee1bcba36f763cdeabe957	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

Oracle customers - enter a support request
Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691