ELSA-2021-4257

Published: 16 Nov 2021
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2021-4257: httpd:2.4 security, bug fix, and enhancement update (MODERATE)

httpd [2.4.37-41.0.1]

  • Add checks on the configured UDS path [Orabug: 33412270][CVE-2021-40438]
  • Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
  • Replace index.html with Oracles index page oracle_index.html

[2.4.37-41]

  • Resolves: #1680111 - httpd sends reply to HTTPS GET using two TLS records
  • Resolves: #1905613 - mod_ssl does not like valid certificate chain
  • Resolves: #1935742 - [RFE] backport samesite/httponly/secure flags for usertrack
  • Resolves: #1972500 - CVE-2021-30641 httpd:2.4/httpd: MergeSlashes regression
  • Resolves: #1968307 - CVE-2021-26690 httpd:2.4/httpd: mod_session NULL pointer dereference in parser
  • Resolves: #1934741 - Apache trademark update - new logo

[2.4.37-40]

  • Resolves: #1952557 - mod_proxy_wstunnel.html is a malformed XML
  • Resolves: #1937334 - SSLProtocol with based virtual hosts

mod_http2 [1.15.7-3]

  • Resolves: #1869077 - CVE-2020-11993 httpd:2.4/mod_http2: httpd: mod_http2 concurrent pool usage

mod_md [1:2.0.8-8]

  • Resolves: #1832844 - mod_md does not work with ACME server that does not provide keyChange or revokeCert resources

Updated packages

Oracle Linux 8

Oracle Linux aarch64

Module httpd:2.4 is enabled

  • httpd 2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271
  • httpd-devel 2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271
  • httpd-filesystem 2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271
  • httpd-manual 2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271
  • httpd-tools 2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271
  • mod_http2 1.15.7-3.module+el8.4.0+20024+b87b2deb
  • mod_ldap 2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271
  • mod_md 2.0.8-8.module+el8.3.0+7816+49791cfd
  • mod_proxy_html 2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271
  • mod_session 2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271
  • mod_ssl 2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271

Oracle Linux x86_64

Module httpd:2.4 is enabled

  • httpd 2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271
  • httpd-devel 2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271
  • httpd-filesystem 2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271
  • httpd-manual 2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271
  • httpd-tools 2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271
  • mod_http2 1.15.7-3.module+el8.4.0+20024+b87b2deb
  • mod_ldap 2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271
  • mod_md 2.0.8-8.module+el8.3.0+7816+49791cfd
  • mod_proxy_html 2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271
  • mod_session 2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271
  • mod_ssl 2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271

Related CVEs

Related vulnerabilities

rocky
more than 3 years ago

Moderate: httpd:2.4 security, bug fix, and enhancement update

suse-cvrf
about 4 years ago

Security update for apache2

suse-cvrf
about 4 years ago

Security update for apache2

suse-cvrf
about 4 years ago

Security update for apache2

suse-cvrf
about 4 years ago

Security update for apache2