ELSA-2024-9306

ELSA-2024-9306 - httpd security update

Type: SECURITY
Impact: MODERATE
Release Date: 2024-11-14

Description


[2.4.62-1.0.1]
- Replace index.html with Oracle's index page oracle_index.html.

[2.4.62-1]
- new version 2.4.62
- Resolves: RHEL-52724 - Regression introduced by CVE-2024-38474 fix

[2.4.59-7]
- Resolves: RHEL-49856: htcacheclean.service missing [Install] section

[2.4.59-6]
- mod_ssl: restore SSL_OP_NO_RENEGOTIATE support
  Related: RHEL-14668

[2.4.59-5]
- mod_ssl: defer ENGINE_finish() calls to a cleanup
  Resolves: RHEL-36755

[2.4.59-4]
- Resolves: RHEL-6575 - [RFE] httpd use systemd-sysusers

[2.4.59-3]
- Related: RHEL-14668 - RFE: httpd rebase to 2.4.59

[2.4.59-2]
- Resolves: RHEL-35870 - httpd mod_cgi/cgid unification

[2.4.59-1]
- new version 2.4.59
- Resolves: RHEL-14668 - RFE: httpd rebase to 2.4.59
- Resolves: RHEL-31856 - httpd: HTTP response splitting (CVE-2023-38709)
- Resolves: RHEL-31859 - httpd: HTTP Response Splitting in multiple modules (CVE-2024-24795)

[2.4.57-8]
- mod_xml2enc: fix media type handling
  Resolves: RHEL-17686
- mod_dav: add DavBasePath
  Resolves: RHEL-6600

[2.4.57-7]
- Resolves: RHEL-14447 - httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122)

[2.4.57-6]
- Resolves: RHEL-5071 - mod_dav_fs: add DavLockDBType
- mod_dav_fs: add global mutex around lockdb interaction

[2.4.57-5]
- Fix issue found by covscan
- Related: #2222001

[2.4.57-4]
- Resolves: #2217726 - Make PROPFIND tolerant of deletion race

[2.4.57-3]
- Resolves: #2222001 - mod_status lists BusyWorkers IdleWorkers keys twice

[2.4.57-2]
- Resolves: #2186645 - Fix issue found by covscan in httpd package
- Resolves: #2173295 - Include Apache httpd module mod_authnz_fcgi

[2.4.57-1]
- Resolves: #2184403 - rebase httpd to 2.4.57
- Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy

[2.4.53-11]
- Resolves: #2162500 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte
- Resolves: #2162486 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2162510 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling

[2.4.53-10]
- Resolves: #2160667 - prevent sscg creating /dhparams.pem

[2.4.53-9]
- Resolves: #2143176 - Dependency from mod_http2 on httpd broken

[2.4.53-8]
- Resolves: #2151313 - reduce AH03408 log level from WARNING to INFO


Related CVEs


CVE-2024-24795
CVE-2023-38709

Updated Packages





This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
