Description
ELSA-2022-0258: httpd:2.4 security update (IMPORTANT)
httpd [2.4.37-43.1.0.1]
- scoreboard: fix null pointer dereference [Orabug: 33690670][CVE-2021-34798]
- fix ap_escape_quote logic [Orabug: 33690686][CVE-2021-39275]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html.
[2.4.37-43.1]
- Resolves: #2035062 - CVE-2021-44790 httpd:2.4/httpd: mod_lua: possible buffer overflow when parsing multipart content
mod_http2 [1.15.7-3]
- Resolves: #1869077 - CVE-2020-11993 httpd:2.4/mod_http2: httpd: mod_http2 concurrent pool usage
Updated packages
Oracle Linux 8
Oracle Linux aarch64
Module httpd:2.4 is enabled
httpd 2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1
httpd-devel 2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1
httpd-filesystem 2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1
httpd-manual 2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1
httpd-tools 2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1
mod_http2 1.15.7-3.module+el8.4.0+20024+b87b2deb
mod_ldap 2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1
mod_md 2.0.8-8.module+el8.5.0+20475+4f6a8fd5
mod_proxy_html 2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1
mod_session 2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1
mod_ssl 2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1
Oracle Linux x86_64
Module httpd:2.4 is enabled
httpd 2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1
httpd-devel 2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1
httpd-filesystem 2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1
httpd-manual 2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1
httpd-tools 2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1
mod_http2 1.15.7-3.module+el8.4.0+20024+b87b2deb
mod_ldap 2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1
mod_md 2.0.8-8.module+el8.5.0+20475+4f6a8fd5
mod_proxy_html 2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1
mod_session 2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1
mod_ssl 2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1
Related CVEs
Related vulnerabilities
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.