Oracle8: ELSA-2023-0852: httpd:2.4 Moderate Security Update

Oracle Linux Security Advisory ELSA-2023-0852

https://linux.oracle.com/errata/ELSA-2023-0852.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
httpd-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm
httpd-devel-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm
httpd-filesystem-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm
httpd-manual-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm
httpd-tools-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm
mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.x86_64.rpm
mod_ldap-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm
mod_proxy_html-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm
mod_session-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm
mod_ssl-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm

aarch64:
httpd-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm
httpd-devel-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm
httpd-filesystem-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm
httpd-manual-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm
httpd-tools-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm
mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.aarch64.rpm
mod_ldap-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpm
mod_proxy_html-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm
mod_session-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm
mod_ssl-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm


SRPMS:
https://oss.oracle.com/ol8/SRPMS-updates//httpd-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.src.rpm
https://oss.oracle.com/ol8/SRPMS-updates//mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.src.rpm
https://oss.oracle.com/ol8/SRPMS-updates//mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm

Related CVEs:

CVE-2006-20001
CVE-2022-36760
CVE-2022-37436




Description of changes:

httpd
[2.4.37-51.0.1.1]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-51.1]
- Resolves: #2165967 - prevent sscg creating /dhparams.pem
- Resolves: #2165976 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
  of zero byte
- Resolves: #2165977 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2165978 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
  smuggling

_______________________________________________
El-errata mailing list
[email protected]
https://oss.oracle.com/mailman/listinfo/el-errata

What Are You Looking For?

Popular Tags

Oracle8: ELSA-2023-0852: httpd:2.4 Moderate Security Update

Summary

SRPMs

x86_64

aarch64

i386

New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers

It’s Not Just Windows that Gets Malware

Amazon Linux 2023, a Cloud-Optimized Linux Distro, Is Now Available

Linux 6.3-rc3 Adding Protection From Malicious Guests Hammering AMD's Secure Processor

News

Advisories

HOWTOs

Features

Interview with Guardian Digital CEO Dave Wreski: Open Source Utilization in Email Security Solutions & More

Verifying Linux Server Security: What Every Admin Needs to Know

What Linux, Windows & Mac OS Users Need to Know About VPNs

Complete Guide to Vulnerability Basics

How To Get Live Updates on Critical Linux Security Advisories

About Us

Powered By

What Are You Looking For?

Popular Tags

Oracle8: ELSA-2023-0852: httpd:2.4 Moderate Security Update

Summary

SRPMs

x86_64

aarch64

i386

Get the Latest News & Insights

Related News

News

Advisories

HOWTOs

Features

About Us

Powered By