Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Oracle Linux 8: ELSA-2024-4720 Critical: Httpd Encoding Issues and SSRF

oracle
Calendar Grey July 25, 2024
Oracle Linux Logo Esm H88
Improvements for Oracle Linux 8 tackle crucial vulnerabilities in httpd, featuring several encoding flaws and threats of SSRF.
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Summary

httpd [2.4.37-65.0.1.1] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-65.1] - Resolves: RHEL-45812 - httpd:2.4/httpd: Substitution encoding issue in mod_rewrite (CVE-2024-38474) - Resolves: RHEL-45785 - httpd:2.4/httpd: Encoding problem in mod_proxy (CVE-2024-38473) - Resolves: RHEL-45777 - httpd:2.4/httpd: Improper escaping of output in mod_rewrite (CVE-2024-38475) - Resolves: RHEL-45758 - httpd:2.4/httpd: null pointer dereference in mod_proxy (CVE-2024-38477) - Resolves: RHEL-45743 - httpd:2.4/httpd: Potential SSRF in mod_rewrite (CVE-2024-39573) mod_http2 mod_md

Topics%20covered

Topics Covered

security advisory security update httpd important SSRF Oracle Linux encoding issues

SRPMs

http://oss.oracle.com/ol8/SRPMS-updates//httpd-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.src.rpm

x86_64

httpd-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm httpd-devel-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.noarch.rpm httpd-manual-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.noarch.rpm httpd-tools-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.x86_64.rpm mod_ldap-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.x86_64.rpm mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm mod_session-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm mod_ssl-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm

aarch64

httpd-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm httpd-devel-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.noarch.rpm httpd-manual-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.noarch.rpm httpd-tools-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.aarch64.rpm mod_ldap-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.aarch64.rpm mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm mod_session-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm mod_ssl-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm

Severity
critical
Lowest
Low
Medium
High
Critical

Related CVEs: CVE-2024-38473 CVE-2024-38474 CVE-2024-38475 CVE-2024-38477 CVE-2024-39573

Topics%20covered

Topics Covered

security advisory security update httpd important SSRF Oracle Linux encoding issues

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here