ELSA-2024-9306
- ULN >
- Oracle Linux Errata repository >
- ELSA-2024-9306
ELSA-2024-9306 - httpd security update
| Type: | SECURITY |
| Severity: | MODERATE |
| Release Date: | 2024-11-14 |
Description
[2.4.62-1.0.1]
- Replace index.html with Oracle's index page oracle_index.html.
[2.4.62-1]
- new version 2.4.62
- Resolves: RHEL-52724 - Regression introduced by CVE-2024-38474 fix
[2.4.59-7]
- Resolves: RHEL-49856: htcacheclean.service missing [Install] section
[2.4.59-6]
- mod_ssl: restore SSL_OP_NO_RENEGOTIATE support
Related: RHEL-14668
[2.4.59-5]
- mod_ssl: defer ENGINE_finish() calls to a cleanup
Resolves: RHEL-36755
[2.4.59-4]
- Resolves: RHEL-6575 - [RFE] httpd use systemd-sysusers
[2.4.59-3]
- Related: RHEL-14668 - RFE: httpd rebase to 2.4.59
[2.4.59-2]
- Resolves: RHEL-35870 - httpd mod_cgi/cgid unification
[2.4.59-1]
- new version 2.4.59
- Resolves: RHEL-14668 - RFE: httpd rebase to 2.4.59
- Resolves: RHEL-31856 - httpd: HTTP response splitting
(CVE-2023-38709)
- Resolves: RHEL-31859 - httpd: HTTP Response Splitting in multiple
modules (CVE-2024-24795)
[2.4.57-8]
- mod_xml2enc: fix media type handling
Resolves: RHEL-17686
- mod_dav: add DavBasePath
Resolves: RHEL-6600
[2.4.57-7]
- Resolves: RHEL-14447 - httpd: mod_macro: out-of-bounds read
vulnerability (CVE-2023-31122)
[2.4.57-6]
- Resolves: RHEL-5071 - mod_dav_fs: add DavLockDBType
- mod_dav_fs: add global mutex around lockdb interaction
[2.4.57-5]
- Fix issue found by covscan
- Related: #2222001
[2.4.57-4]
- Resolves: #2217726 - Make PROPFIND tolerant of deletion race
[2.4.57-3]
- Resolves: #2222001 - mod_status lists BusyWorkers IdleWorkers keys twice
[2.4.57-2]
- Resolves: #2186645 - Fix issue found by covscan in httpd package
- Resolves: #2173295 - Include Apache httpd module mod_authnz_fcgi
[2.4.57-1]
- Resolves: #2184403 - rebase httpd to 2.4.57
- Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with
mod_rewrite and mod_proxy
[2.4.53-11]
- Resolves: #2162500 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
of zero byte
- Resolves: #2162486 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2162510 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
smuggling
[2.4.53-10]
- Resolves: #2160667 - prevent sscg creating /dhparams.pem
[2.4.53-9]
- Resolves: #2143176 - Dependency from mod_http2 on httpd broken
[2.4.53-8]
- Resolves: #2151313 - reduce AH03408 log level from WARNING to INFO
Related CVEs
| CVE-2024-24795 |
| CVE-2023-38709 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory | Channel Label |
| Oracle Linux 9 (aarch64) | httpd-2.4.62-1.0.1.el9.src.rpm | 277752457a20f20c38261f453671a9f3 | - | ol9_aarch64_appstream |
| httpd-2.4.62-1.0.1.el9.aarch64.rpm | 78a532b1372c8990851ca3139f01c6c6 | - | ol9_aarch64_appstream | |
| httpd-core-2.4.62-1.0.1.el9.aarch64.rpm | 818ce512149fa519e1284f8ff7ba8c46 | - | ol9_aarch64_appstream | |
| httpd-devel-2.4.62-1.0.1.el9.aarch64.rpm | bdb6168c4e6a8e8897c6f5cd668cafd2 | - | ol9_aarch64_appstream | |
| httpd-filesystem-2.4.62-1.0.1.el9.noarch.rpm | 5d7704eed132ff8c3c8b9ade2ba0f169 | - | ol9_aarch64_appstream | |
| httpd-manual-2.4.62-1.0.1.el9.noarch.rpm | 5af447abff81a80a16fdc707ce4763a1 | - | ol9_aarch64_appstream | |
| httpd-tools-2.4.62-1.0.1.el9.aarch64.rpm | 134af74dc941ee0398c6829af39e654f | - | ol9_aarch64_appstream | |
| mod_ldap-2.4.62-1.0.1.el9.aarch64.rpm | f379b1c0670b3bceecf1c4a029d24e2c | - | ol9_aarch64_appstream | |
| mod_lua-2.4.62-1.0.1.el9.aarch64.rpm | 6f414da9d6e9427c0de5abce74abf55d | - | ol9_aarch64_appstream | |
| mod_proxy_html-2.4.62-1.0.1.el9.aarch64.rpm | a0915e1853d821f8aac7c2d16b8145d0 | - | ol9_aarch64_appstream | |
| mod_session-2.4.62-1.0.1.el9.aarch64.rpm | 7ab8788778c9db2c4b57d268179b4b18 | - | ol9_aarch64_appstream | |
| mod_ssl-2.4.62-1.0.1.el9.aarch64.rpm | 6ec8ae192edfd69f2ed23762e718ee59 | - | ol9_aarch64_appstream | |
| Oracle Linux 9 (x86_64) | httpd-2.4.62-1.0.1.el9.src.rpm | 277752457a20f20c38261f453671a9f3 | - | ol9_x86_64_appstream |
| httpd-2.4.62-1.0.1.el9.x86_64.rpm | ce7016009c43be11048a963fb1de9eef | - | ol9_x86_64_appstream | |
| httpd-core-2.4.62-1.0.1.el9.x86_64.rpm | febc7518649dd3d15e43fb3e58d9aeed | - | ol9_x86_64_appstream | |
| httpd-devel-2.4.62-1.0.1.el9.x86_64.rpm | d40c664c2d2b31e4e9d577b0737dc78d | - | ol9_x86_64_appstream | |
| httpd-filesystem-2.4.62-1.0.1.el9.noarch.rpm | 5d7704eed132ff8c3c8b9ade2ba0f169 | - | ol9_x86_64_appstream | |
| httpd-manual-2.4.62-1.0.1.el9.noarch.rpm | 5af447abff81a80a16fdc707ce4763a1 | - | ol9_x86_64_appstream | |
| httpd-tools-2.4.62-1.0.1.el9.x86_64.rpm | cba18ce17d3e1fe0205950f248b91192 | - | ol9_x86_64_appstream | |
| mod_ldap-2.4.62-1.0.1.el9.x86_64.rpm | 228aa18adea3a882edd48914712891f4 | - | ol9_x86_64_appstream | |
| mod_lua-2.4.62-1.0.1.el9.x86_64.rpm | 74122fb3e7bd8e6cd87094ccd92b0ed6 | - | ol9_x86_64_appstream | |
| mod_proxy_html-2.4.62-1.0.1.el9.x86_64.rpm | 342be83532bb858d0d13dfddfb8ebaf5 | - | ol9_x86_64_appstream | |
| mod_session-2.4.62-1.0.1.el9.x86_64.rpm | a5092b132195c40d664a9a9b74a883ba | - | ol9_x86_64_appstream | |
| mod_ssl-2.4.62-1.0.1.el9.x86_64.rpm | c43a9216ef27191dd5e55f54ce4db575 | - | ol9_x86_64_appstream | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
