ELSA-2024-5193

ULN >
Oracle Linux Errata repository >
ELSA-2024-5193

ELSA-2024-5193 - httpd:2.4 security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2024-08-13

Description

httpd
[2.4.37-65.2.0.1]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-65.2]
- Resolves: RHEL-46040 - httpd:2.4/httpd: Security issues via backend
applications whose response headers are malicious or exploitable (CVE-2024-38476)
- Resolves: RHEL-53022 - Regression introduced by CVE-2024-38474 fix

mod_http2
[1.15.7-10]
- Resolves: RHEL-29817 - httpd:2.4/mod_http2: httpd: CONTINUATION frames
DoS (CVE-2024-27316)

mod_md

Related CVEs

CVE-2024-38476

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	httpd-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.src.rpm	ac1d6b998e8d7791ae8b502ff68a5bc8	-	ol8_aarch64_appstream
	mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.src.rpm	cfad3ce0620e49673cb9c5f948265264	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.src.rpm	57baf2f70c9de0a1ab3a4a39fb97b4a0	-	ol8_aarch64_appstream
	httpd-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.aarch64.rpm	36d691fc317cfb35e56fcfc64e9a4cf3	-	ol8_aarch64_appstream
	httpd-devel-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.aarch64.rpm	ca9d88a3bdcebe92be773a95db2b2a04	-	ol8_aarch64_appstream
	httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.noarch.rpm	63a70872392b8ad8a8ebdb40930aea3b	-	ol8_aarch64_appstream
	httpd-manual-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.noarch.rpm	daec456fd979b95cacd7e51aa0a94f90	-	ol8_aarch64_appstream
	httpd-tools-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.aarch64.rpm	230916c3b84486aacfb3ca893dde05e6	-	ol8_aarch64_appstream
	mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.aarch64.rpm	7a4232cd2fee5cf07d4b6cfd120ae5e8	-	ol8_aarch64_appstream
	mod_ldap-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.aarch64.rpm	7da107827628e417071c3f448fb63a9e	-	ol8_aarch64_appstream
	mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.aarch64.rpm	e0cdd2c7bbe8ba7cf3614b973dd7eb66	-	ol8_aarch64_appstream
	mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.aarch64.rpm	ae6717d619390c59a4566915a8a91be1	-	ol8_aarch64_appstream
	mod_session-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.aarch64.rpm	5fdf6c7b1d324aa56c3b31da63054a1d	-	ol8_aarch64_appstream
	mod_ssl-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.aarch64.rpm	f37ca499553e7a40844e2d031afbaaba	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	httpd-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.src.rpm	ac1d6b998e8d7791ae8b502ff68a5bc8	-	ol8_x86_64_appstream
	mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.src.rpm	cfad3ce0620e49673cb9c5f948265264	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.src.rpm	57baf2f70c9de0a1ab3a4a39fb97b4a0	-	ol8_x86_64_appstream
	httpd-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.x86_64.rpm	71991a2826036ba452907a7ec9b9f408	-	ol8_x86_64_appstream
	httpd-devel-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.x86_64.rpm	47346bc5dec041df1b9110fdfaf7d0e4	-	ol8_x86_64_appstream
	httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.noarch.rpm	63a70872392b8ad8a8ebdb40930aea3b	-	ol8_x86_64_appstream
	httpd-manual-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.noarch.rpm	daec456fd979b95cacd7e51aa0a94f90	-	ol8_x86_64_appstream
	httpd-tools-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.x86_64.rpm	85ca15186e11b32c0e12dc2a4d33f872	-	ol8_x86_64_appstream
	mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.x86_64.rpm	ad14667bc0eddafff0e6adcad3f51b6b	-	ol8_x86_64_appstream
	mod_ldap-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.x86_64.rpm	661b9f6fac797ce27ec232766eb17d4d	-	ol8_x86_64_appstream
	mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.x86_64.rpm	50f77dc288425f1cdee5d05760c7dccb	-	ol8_x86_64_appstream
	mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.x86_64.rpm	df7062c2537e51d4fcb3f00d00767e93	-	ol8_x86_64_appstream
	mod_session-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.x86_64.rpm	34611c97249f7b78c0a5483a7b8df172	-	ol8_x86_64_appstream
	mod_ssl-2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2.x86_64.rpm	64c1be59b172ba88d3e72a0d799bf359	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

Oracle customers - enter a support request
Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691