Oracle8: ELSA-2023-1673: httpd:2.4 Important Security Update

Oracle Linux Security Advisory ELSA-2023-1673

https://linux.oracle.com/errata/ELSA-2023-1673.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
httpd-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.x86_64.rpm
httpd-devel-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.x86_64.rpm
httpd-filesystem-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.noarch.rpm
httpd-manual-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.noarch.rpm
httpd-tools-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.x86_64.rpm
mod_http2-1.15.7-5.module+el8.7.0+21029+de29ba63.4.x86_64.rpm
mod_ldap-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.x86_64.rpm
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm
mod_proxy_html-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.x86_64.rpm
mod_session-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.x86_64.rpm
mod_ssl-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.x86_64.rpm

aarch64:
httpd-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.aarch64.rpm
httpd-devel-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.aarch64.rpm
httpd-filesystem-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.noarch.rpm
httpd-manual-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.noarch.rpm
httpd-tools-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.aarch64.rpm
mod_http2-1.15.7-5.module+el8.7.0+21029+de29ba63.4.aarch64.rpm
mod_ldap-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.aarch64.rpm
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpm
mod_proxy_html-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.aarch64.rpm
mod_session-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.aarch64.rpm
mod_ssl-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.aarch64.rpm


SRPMS:
https://oss.oracle.com/ol8/SRPMS-updates//httpd-2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5.src.rpm
https://oss.oracle.com/ol8/SRPMS-updates//mod_http2-1.15.7-5.module+el8.7.0+21029+de29ba63.4.src.rpm
https://oss.oracle.com/ol8/SRPMS-updates//mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm

Related CVEs:

CVE-2023-25690




Description of changes:

httpd
[2.4.37-51.5.0.1]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-51.5]
- Resolves: #2177747 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting
  with mod_rewrite and mod_proxy

[2.4.37-51.1]
- Resolves: #2165967 - prevent sscg creating /dhparams.pem
- Resolves: #2165976 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
  of zero byte
- Resolves: #2165977 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2165978 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
  smuggling

mod_http2
[1.15.7-5.4]
- Resolves: #2177747 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting
  with mod_rewrite and mod_proxy


_______________________________________________
El-errata mailing list
[email protected]
https://oss.oracle.com/mailman/listinfo/el-errata

What Are You Looking For?

Popular Tags

Oracle8: ELSA-2023-1673: httpd:2.4 Important Security Update

Summary

SRPMs

x86_64

aarch64

i386

New Ransomware Group Uses Repurposed LockBit, Babuk Variants

Linux Kernel DoS, Info Disclosure Bugs Fixed

CISA Warns Several Old Linux Vulns Exploited in Attacks

Ubuntu 23.10 Improving PPA Management For Enhanced Security & Reliability

News

Advisories

HOWTOs

Features

Is Linux A More Secure Option Than Windows For Businesses?

How Secure Is Linux?

How To Secure Against WordPress Vulnerabilities with Predictive Analysis Detection & Automated Remediation

Best Practices for PHP Security

Why Cloud Linux Is Beneficial for E-Commerce Stores

About Us

Powered By

What Are You Looking For?

Popular Tags

Oracle8: ELSA-2023-1673: httpd:2.4 Important Security Update

Summary

SRPMs

x86_64

aarch64

i386

Get the Latest News & Insights

Related News

News

Advisories

HOWTOs

Features

About Us

Powered By