ELSA-2024-5193

ULN >
Oracle Linux Errata repository >
ELSA-2024-5193

ELSA-2024-5193 - httpd:2.4 security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2024-08-13

Description

httpd
[2.4.37-65.2.0.1]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-65.2]
- Resolves: RHEL-46040 - httpd:2.4/httpd: Security issues via backend
applications whose response headers are malicious or exploitable (CVE-2024-38476)
- Resolves: RHEL-53022 - Regression introduced by CVE-2024-38474 fix

mod_http2
[1.15.7-10]
- Resolves: RHEL-29817 - httpd:2.4/mod_http2: httpd: CONTINUATION frames
DoS (CVE-2024-27316)

mod_md

Related CVEs

CVE-2024-38476

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	httpd-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.src.rpm	76f9fdb99dccad944e061a6ad2fe2d1dc090d9cae38d936abfd3ec79dd1ca187	-	ol8_aarch64_appstream
	mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.src.rpm	ecc69f6e35eaf855e6b5c80e1d11da974cf93d0a059329a87ba180f0e148f2e6	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.src.rpm	b87cd8c00082bf38a8aefb4fbac1eab758639da7e4dfe2387c661fb396a928c0	-	ol8_aarch64_appstream
	httpd-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.aarch64.rpm	f65d6340c06a4e7a14d8be2fdd2b928a4c8cc2505762b0c18cfa0ec46a66c79c	-	ol8_aarch64_appstream
	httpd-devel-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.aarch64.rpm	eab9644ecd82ef250dfaef57f9adeec8f9cced3180c10cd1df2d544182da77ef	-	ol8_aarch64_appstream
	httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.noarch.rpm	85cf116f8828392fc0281052f7557c0fc613247871bac11b8bacd80f42d41f8d	-	ol8_aarch64_appstream
	httpd-manual-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.noarch.rpm	09b079f431477752249da9fb194e26a82680ee7935f5e69067501ef2d9c4d95d	-	ol8_aarch64_appstream
	httpd-tools-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.aarch64.rpm	cf4e5425d43dfa8d25975951d6ad519642be78d0768549163c42a920e27a3537	-	ol8_aarch64_appstream
	mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.aarch64.rpm	2d6f1764d543f08c111797b633efe8fdedb09e700bfa33786fcac45db15b2081	-	ol8_aarch64_appstream
	mod_ldap-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.aarch64.rpm	0088d43903ba33a765f89cbb4dae97bb8475a48cf724f57e5713a0276de6c6dd	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.aarch64.rpm	09a6be461741ad2673d307ce619821ea92b3acadfc247ab13d17267c1c6011a6	-	ol8_aarch64_appstream
	mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.aarch64.rpm	0c5ab3b8f78b3b64d51a7fef32f9dbccfec7a7a68fbb5e5f805e7e77b7e89884	-	ol8_aarch64_appstream
	mod_session-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.aarch64.rpm	8af4a28b0dccf59ee477e6d4cea6d34ee5d12f7c7f5d2ae7aff5871b4e0e776d	-	ol8_aarch64_appstream
	mod_ssl-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.aarch64.rpm	42f16227f9219c33a43174f3d04a9fae7b64878680d2ca25628717dc532b82ea	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	httpd-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.src.rpm	76f9fdb99dccad944e061a6ad2fe2d1dc090d9cae38d936abfd3ec79dd1ca187	-	ol8_x86_64_appstream
	mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.src.rpm	ecc69f6e35eaf855e6b5c80e1d11da974cf93d0a059329a87ba180f0e148f2e6	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.src.rpm	b87cd8c00082bf38a8aefb4fbac1eab758639da7e4dfe2387c661fb396a928c0	-	ol8_x86_64_appstream
	httpd-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.x86_64.rpm	68ab53be2e43ed3b2db5ddcca36a6cad955be2633d7f2c643fd3f5a6a39195bc	-	ol8_x86_64_appstream
	httpd-devel-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.x86_64.rpm	acb19a465827d85ad0ff648fb2e6b8c0350b04d5019e237a32c23106e52abb18	-	ol8_x86_64_appstream
	httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.noarch.rpm	85cf116f8828392fc0281052f7557c0fc613247871bac11b8bacd80f42d41f8d	-	ol8_x86_64_appstream
	httpd-manual-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.noarch.rpm	09b079f431477752249da9fb194e26a82680ee7935f5e69067501ef2d9c4d95d	-	ol8_x86_64_appstream
	httpd-tools-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.x86_64.rpm	f3e1e1e4a77aff793db94d9d70591cfbb0b3a6f57b08cbc513e43cd9284943e4	-	ol8_x86_64_appstream
	mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.x86_64.rpm	19a5a686f9dcf69a5147d9118bef9c01d8e5bd081e8fe48d69dfd02516633523	-	ol8_x86_64_appstream
	mod_ldap-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.x86_64.rpm	5bf8404e14f875483104335db4dac61a0e9d4c8ea4a6ed0ea1c6b49af62861da	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.x86_64.rpm	48e6e9c15ca6394c944f472135dd176c00267760d8f627ddb37e95407ebacbbb	-	ol8_x86_64_appstream
	mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.x86_64.rpm	317b1a0314bb84d363c79fc61ef525a6a18347417e28dd8d31f3bd3c1f8ee4d2	-	ol8_x86_64_appstream
	mod_session-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.x86_64.rpm	31155523df079432e574dbf83af53fa51bae14c2b54250bec5fad12b5388a557	-	ol8_x86_64_appstream
	mod_ssl-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.x86_64.rpm	adbd8ceb8daf030ce2b4c351c3e4462dce177c2be8f417c00322e0db397f956d	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691