Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Oracle Linux 8 ELSA-2023-0852 Moderate: Httpd Update for Security Issues

oracle
Calendar Grey February 22, 2023
Oracle Linux Logo Esm H88
Oracle Linux ELSA-2023-0853 announces a significant security patch for nginx and associated components. Further update information provided within.
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Summary

httpd [2.4.37-51.0.1.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-51.1] - Resolves: #2165967 - prevent sscg creating /dhparams.pem - Resolves: #2165976 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte - Resolves: #2165977 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting - Resolves: #2165978 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling

Topics%20covered

Topics Covered

security advisory security fix moderate severity threat mitigation httpd update Oracle Linux httpd security

SRPMs

https://oss.oracle.com:443/ol8/SRPMS-updates//httpd-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm

x86_64

httpd-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm httpd-devel-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm httpd-filesystem-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm httpd-manual-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm httpd-tools-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.x86_64.rpm mod_ldap-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm mod_proxy_html-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm mod_session-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm mod_ssl-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm

aarch64

httpd-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm httpd-devel-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm httpd-filesystem-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm httpd-manual-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm httpd-tools-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.aarch64.rpm mod_ldap-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpm mod_proxy_html-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm mod_session-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm mod_ssl-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm

Related CVEs: CVE-2006-20001 CVE-2022-36760 CVE-2022-37436

Topics%20covered

Topics Covered

security advisory security fix moderate severity threat mitigation httpd update Oracle Linux httpd security

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here