Описание
ELSA-2024-5193: httpd:2.4 security update (IMPORTANT)
httpd [2.4.37-65.2.0.1]
- Replace index.html with Oracle's index page oracle_index.html
[2.4.37-65.2]
- Resolves: RHEL-46040 - httpd:2.4/httpd: Security issues via backend applications whose response headers are malicious or exploitable (CVE-2024-38476)
- Resolves: RHEL-53022 - Regression introduced by CVE-2024-38474 fix
mod_http2 [1.15.7-10]
- Resolves: RHEL-29817 - httpd:2.4/mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316)
mod_md
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module httpd:2.4 is enabled
httpd
2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2
httpd-devel
2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2
httpd-filesystem
2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2
httpd-manual
2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2
httpd-tools
2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2
mod_http2
1.15.7-10.module+el8.10.0+90327+96b8ea28
mod_ldap
2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2
mod_md
2.0.8-8.module+el8.9.0+90011+2f9c6a23
mod_proxy_html
2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2
mod_session
2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2
mod_ssl
2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2
Oracle Linux x86_64
Module httpd:2.4 is enabled
httpd
2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2
httpd-devel
2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2
httpd-filesystem
2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2
httpd-manual
2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2
httpd-tools
2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2
mod_http2
1.15.7-10.module+el8.10.0+90327+96b8ea28
mod_ldap
2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2
mod_md
2.0.8-8.module+el8.9.0+90011+2f9c6a23
mod_proxy_html
2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2
mod_session
2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2
mod_ssl
2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2
Связанные CVE
Связанные уязвимости
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vul ...
