Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Oracle Linux 8 ELSA-2024-4197 Moderate: httpd HTTP Response Splitting

oracle
Calendar Grey July 5, 2024
Oracle Linux Logo Esm H88
Oracle Linux Security Update ELSU-2024-8371 provides patches for nginx related to vulnerability mitigation.
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Summary

httpd [2.4.37-65.0.1] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-65] - Resolves: RHEL-31857 - httpd:2.4/httpd: HTTP response splitting (CVE-2023-38709) mod_http2 [1.15.7-10] - Resolves: RHEL-29817 - httpd:2.4/mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316) [1.15.7-9.3] - Resolves: RHEL-13367 - httpd:2.4/mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487)(CVE-2023-45802) [1.15.7-8.3] - Resolves: #2177748 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting with mod_rewrite and mod_proxy [1.15.7-7] - Resolves: #2095650 - Dependency from mod_http2 on httpd broken [1.15.7-6] - Backport SNI feature refactor - Resolves: rhbz#2137257 [1.15.7-5] - Resolves: #2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference or SSRF in forward proxy configurations [1.15.7-4] - Resolves: #1966728 - CVE-2021-33193 httpd:2.4/mod_http2: httpd: Request splitting via HTTP/2 method injection and mod_proxy [1....

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate severity httpd dos threat httpd update httpd security oracle linux

SRPMs

http://oss.oracle.com/ol8/SRPMS-updates//httpd-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.src.rpm

x86_64

httpd-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.x86_64.rpm httpd-devel-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.x86_64.rpm httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.noarch.rpm httpd-manual-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.noarch.rpm httpd-tools-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.x86_64.rpm mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.x86_64.rpm mod_ldap-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.x86_64.rpm mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.x86_64.rpm mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.x86_64.rpm mod_session-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.x86_64.rpm mod_ssl-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.x86_64.rpm

aarch64

httpd-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.aarch64.rpm httpd-devel-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.aarch64.rpm httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.noarch.rpm httpd-manual-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.noarch.rpm httpd-tools-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.aarch64.rpm mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.aarch64.rpm mod_ldap-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.aarch64.rpm mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.aarch64.rpm mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.aarch64.rpm mod_session-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.aarch64.rpm mod_ssl-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.aarch64.rpm

Related CVEs: CVE-2023-38709

Topics%20covered

Topics Covered

security advisory moderate severity httpd dos threat httpd update httpd security oracle linux

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here