Описание
ELSA-2022-5163: httpd:2.4 security update (LOW)
httpd [2.4.37-47.0.1.2]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html
[2.4.37-47.2]
- Resolves: #2097247 - CVE-2020-13950 httpd:2.4/httpd: mod_proxy NULL pointer dereference
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module httpd:2.4 is enabled
httpd
2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2
httpd-devel
2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2
httpd-filesystem
2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2
httpd-manual
2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2
httpd-tools
2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2
mod_http2
1.15.7-5.module+el8.6.0+20548+01710940
mod_ldap
2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2
mod_md
2.0.8-8.module+el8.5.0+20475+4f6a8fd5
mod_proxy_html
2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2
mod_session
2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2
mod_ssl
2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2
Oracle Linux x86_64
Module httpd:2.4 is enabled
httpd
2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2
httpd-devel
2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2
httpd-filesystem
2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2
httpd-manual
2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2
httpd-tools
2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2
mod_http2
1.15.7-5.module+el8.6.0+20548+01710940
mod_ldap
2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2
mod_md
2.0.8-8.module+el8.5.0+20475+4f6a8fd5
mod_proxy_html
2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2
mod_session
2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2
mod_ssl
2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2
Связанные CVE
Связанные уязвимости
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be mad ...