
ELSA-2020-4751

Published: 10 Nov 2020
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2020-4751: httpd:2.4 security, bug fix, and enhancement update (MODERATE)

httpd [2.4.37-13.0.1]

  • Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
  • Replace index.html with Oracle's index page oracle_index.html

[2.4.37-30]

  • Resolves: #1209162 - support logging to journald from CustomLog

[2.4.37-29]

  • Resolves: #1823263 (CVE-2020-1934) - CVE-2020-1934 httpd: mod_proxy_ftp use of uninitialized value

[2.4.37-28]

  • Related: #1771847 - BalancerMember ping parameter for mod_proxy_http doesn't work

[2.4.37-27]

  • Resolves: #1823259 - CVE-2020-1927 httpd:2.4/httpd: mod_rewrite configurations vulnerable to open redirect
  • Resolves: #1747284 - CVE-2019-10098 httpd:2.4/httpd: mod_rewrite potential open redirect
  • Resolves: #1747281 - CVE-2019-10092 httpd:2.4/httpd: limited cross-site scripting in mod_proxy error page
  • Resolves: #1747291 - CVE-2019-10097 httpd:2.4/httpd: null-pointer dereference in mod_remoteip
  • Resolves: #1771847 - BalancerMember ping parameter for mod_proxy_http doesn't work
  • Resolves: #1794728 - Backport of SessionExpiryUpdateInterval directive

mod_http2 [1.15.7-2]

  • Resolves: #1869073 - CVE-2020-9490 httpd:2.4/mod_http2: httpd: Push diary crash on specifically crafted HTTP/2 header

[1.15.7-1]

  • new version 1.15.7
  • Resolves: #1814236 - RFE: mod_http2 rebase
  • Resolves: #1747289 - CVE-2019-10082 httpd:2.4/mod_http2: httpd: read-after-free in h2 connection shutdown
  • Resolves: #1696099 - CVE-2019-0197 httpd:2.4/mod_http2: httpd: mod_http2: possible crash on late upgrade
  • Resolves: #1696094 - CVE-2019-0196 httpd:2.4/mod_http2: httpd: mod_http2: read-after-free on a string compare
  • Resolves: #1677591 - CVE-2018-17189 httpd:2.4/mod_http2: httpd: mod_http2: DoS via slow, unneeded request bodies

mod_md [1:2.0.8-8]

  • Resolves: #1832844 - mod_md does not work with ACME server that does not provide keyChange or revokeCert resources

Updated packages

Oracle Linux 8

Oracle Linux aarch64

Module httpd:2.4 is enabled

  • httpd: 2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • httpd-devel: 2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • httpd-filesystem: 2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • httpd-manual: 2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • httpd-tools: 2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • mod_http2: 1.15.7-2.module+el8.3.0+7816+49791cfd
  • mod_ldap: 2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • mod_md: 2.0.8-8.module+el8.3.0+7816+49791cfd
  • mod_proxy_html: 2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • mod_session: 2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • mod_ssl: 2.4.37-30.0.1.module+el8.3.0+7816+49791cfd

Oracle Linux x86_64

Module httpd:2.4 is enabled

  • httpd: 2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • httpd-devel: 2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • httpd-filesystem: 2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • httpd-manual: 2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • httpd-tools: 2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • mod_http2: 1.15.7-2.module+el8.3.0+7816+49791cfd
  • mod_ldap: 2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • mod_md: 2.0.8-8.module+el8.3.0+7816+49791cfd
  • mod_proxy_html: 2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • mod_session: 2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • mod_ssl: 2.4.37-30.0.1.module+el8.3.0+7816+49791cfd

Related vulnerabilities

rocky
more than 4 years ago

Moderate: httpd:2.4 security, bug fix, and enhancement update

suse-cvrf
almost 6 years ago

Security update for apache2

suse-cvrf
almost 6 years ago

Security update for apache2

suse-cvrf
almost 6 years ago

Security update for apache2

CVSS3: 9.1
ubuntu
more than 5 years ago

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.
