Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Oracle Linux 7 ELSA-2022-1045 Critical: Httpd HTTP Request Smuggling

oracle
Calendar Grey March 24, 2022
Oracle Linux Logo Esm H88
Urgent security patch released for Oracle Linux 7 targeting vulnerabilities related to HTTP request smuggling found in the httpd software.
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

Summary

[2.4.6-97.0.5.5] - mod_session: save one apr_strtok() [Orabug: 33338149][CVE-2021-26690] - replace index.html with Oracle's index page oracle_index.html [2.4.6-97.5] - Resolves: #2065243 - CVE-2022-22720 httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier

SRPMs

https://oss.oracle.com:443/ol7/SRPMS-updates/httpd-2.4.6-97.0.5.el7_9.5.src.rpm

x86_64

httpd-2.4.6-97.0.5.el7_9.5.x86_64.rpm httpd-devel-2.4.6-97.0.5.el7_9.5.x86_64.rpm httpd-manual-2.4.6-97.0.5.el7_9.5.noarch.rpm httpd-tools-2.4.6-97.0.5.el7_9.5.x86_64.rpm mod_ldap-2.4.6-97.0.5.el7_9.5.x86_64.rpm mod_proxy_html-2.4.6-97.0.5.el7_9.5.x86_64.rpm mod_session-2.4.6-97.0.5.el7_9.5.x86_64.rpm mod_ssl-2.4.6-97.0.5.el7_9.5.x86_64.rpm

aarch64

Severity
critical
Lowest
Low
Medium
High
Critical

Related CVEs: CVE-2022-22720

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.