Описание
ELSA-2022-1049: httpd:2.4 security update (IMPORTANT)
httpd [2.4.37-43.0.2.3]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html
[2.4.37-43.3]
- Resolves: #2065247 - CVE-2022-22720 httpd:2.4/httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module httpd:2.4 is enabled
httpd
2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3
httpd-devel
2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3
httpd-filesystem
2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3
httpd-manual
2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3
httpd-tools
2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3
mod_http2
1.15.7-3.module+el8.4.0+20024+b87b2deb
mod_ldap
2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3
mod_md
2.0.8-8.module+el8.5.0+20475+4f6a8fd5
mod_proxy_html
2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3
mod_session
2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3
mod_ssl
2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3
Oracle Linux x86_64
Module httpd:2.4 is enabled
httpd
2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3
httpd-devel
2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3
httpd-filesystem
2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3
httpd-manual
2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3
httpd-tools
2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3
mod_http2
1.15.7-3.module+el8.4.0+20024+b87b2deb
mod_ldap
2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3
mod_md
2.0.8-8.module+el8.5.0+20475+4f6a8fd5
mod_proxy_html
2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3
mod_session
2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3
mod_ssl
2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3
Связанные CVE
Связанные уязвимости
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
Apache HTTP Server 2.4.52 and earlier fails to close inbound connectio ...