Описание
ELSA-2023-5050: httpd:2.4 security update (MODERATE)
httpd [2.4.37-56.0.1.7]
- Resolves: #2176723 - CVE-2023-27522 httpd:2.4/httpd: mod_proxy_uwsgi HTTP response splitting
[2.4.37-56.0.1.6]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html
[2.4.37-56.6]
- Resolves: #2190133 - mod_rewrite regression with CVE-2023-25690
[2.4.37-56.4]
- Resolves: #2177748 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting with mod_rewrite and mod_proxy
[2.4.37-56]
- Resolves: #2162499 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte
- Resolves: #2162485 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2162509 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling
[2.4.37-55]
- Resolves: #2155961 - prevent sscg creating /dhparams.pem
[2.4.37-54]
- Resolves: #2095650 - Dependency from mod_http2 on httpd broken
[2.4.37-53]
- Resolves: #2050888 - httpd with SSL fails to start unless hostname command was installed
[2.4.37-52]
- Add the SNI support in mod_proxy_wstunnel module for Apache httpd
- Resolves: rhbz#2017543
mod_http2 [1.15.7-8.3]
- Resolves: #2177748 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting with mod_rewrite and mod_proxy
[1.15.7-7]
- Resolves: #2095650 - Dependency from mod_http2 on httpd broken
[1.15.7-6]
- Backport SNI feature refactor
- Resolves: rhbz#2137257
mod_md
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module httpd:2.4 is enabled
httpd
2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7
httpd-devel
2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7
httpd-filesystem
2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7
httpd-manual
2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7
httpd-tools
2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7
mod_http2
1.15.7-8.module+el8.8.0+21057+13668aee.3
mod_ldap
2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7
mod_md
2.0.8-8.module+el8.5.0+20475+4f6a8fd5
mod_proxy_html
2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7
mod_session
2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7
mod_ssl
2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7
Oracle Linux x86_64
Module httpd:2.4 is enabled
httpd
2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7
httpd-devel
2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7
httpd-filesystem
2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7
httpd-manual
2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7
httpd-tools
2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7
mod_http2
1.15.7-8.module+el8.8.0+21057+13668aee.3
mod_ldap
2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7
mod_md
2.0.8-8.module+el8.5.0+20475+4f6a8fd5
mod_proxy_html
2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7
mod_session
2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7
mod_ssl
2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7
Связанные CVE
Связанные уязвимости
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_pr ...