ELSA-2022-8067

Описание

[2.4.53-7.0.1]

• Replace index.html with Oracles index page oracle_index.html.

[2.4.53-7]

• Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling
• Resolves: #2097032 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match()
• Resolves: #2098248 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
• Resolves: #2097016 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite()
• Resolves: #2097452 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody
• Resolves: #2097459 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability
• Resolves: #2097481 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets

[2.4.53-6]

• Related: #2065677 - httpd minimisation for ubi-micro

[2.4.53-5]

• Resolves: #2098056 - mod_ldap: High CPU usage at apr_ldap_rebind_remove()

[2.4.53-4]

• Resolves: #2095838 - mod_mime_magic: invalid type 0 in mconvert()

[2.4.53-3]

• Resolves: #2065677 - httpd minimisation for ubi-micro
• minimize httpd dependencies (new httpd-core package)
• mod_systemd and mod_brotli are now packaged in the main httpd package

[2.4.53-1]

• new version 2.4.53
• Resolves: #2079939 - httpd rebase to 2.4.53
• Resolves: #2075406 - httpd.conf uses icon bomb.gif for all files/dirs ending with core

[2.4.51-8]

• Resolves: #2073459 - Cannot override LD_LIBARY_PATH in Apache HTTPD using SetEnv or PassEnv