Описание
ELSA-2021-3816: httpd:2.4 security update (IMPORTANT)
httpd [2.4.37-39.1.0.1.1]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html
[2.4.37-39.1]
- Resolves: #2007234 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via a crafted request uri-path
- Resolves: #2007646 - CVE-2021-26691 httpd:2.4/httpd: Heap overflow in mod_session
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module httpd:2.4 is enabled
httpd
2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1
httpd-devel
2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1
httpd-filesystem
2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1
httpd-manual
2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1
httpd-tools
2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1
mod_http2
1.15.7-3.module+el8.4.0+20024+b87b2deb
mod_ldap
2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1
mod_md
2.0.8-8.module+el8.3.0+7816+49791cfd
mod_proxy_html
2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1
mod_session
2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1
mod_ssl
2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1
Oracle Linux x86_64
Module httpd:2.4 is enabled
httpd
2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1
httpd-devel
2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1
httpd-filesystem
2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1
httpd-manual
2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1
httpd-tools
2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1
mod_http2
1.15.7-3.module+el8.4.0+20024+b87b2deb
mod_ldap
2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1
mod_md
2.0.8-8.module+el8.3.0+7816+49791cfd
mod_proxy_html
2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1
mod_session
2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1
mod_ssl
2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1
Связанные CVE
Связанные уязвимости
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
