Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Oracle Linux 9: ELSA-2023-1670 Critical: Httpd Http Request Splitting

oracle
Calendar Grey April 6, 2023
Oracle Linux Logo Esm H88
Crucial security patch for Oracle Linux 9 tackling CVE-2023-25690 pertaining to httpd and mod_http2 modules.
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

Summary

httpd [2.4.53-7.0.1.5] - Replace index.html with Oracle's index page oracle_index.html. [2.4.53-7.5] - Resolves: #2177751 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy mod_http2 [1.15.19-3.5] - Resolves: #2177751 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy [1.15.19-3] - Resolves: #2066311 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations

Topics%20covered

Topics Covered

security advisory critical update httpd security patch Oracle Linux mod_http2 http request splitting

SRPMs

https://oss.oracle.com:443/ol9/SRPMS-updates//httpd-2.4.53-7.0.1.el9_1.5.src.rpm https://oss.oracle.com:443/ol9/SRPMS-updates//mod_http2-1.15.19-3.el9_1.5.src.rpm

x86_64

httpd-2.4.53-7.0.1.el9_1.5.x86_64.rpm httpd-core-2.4.53-7.0.1.el9_1.5.x86_64.rpm httpd-devel-2.4.53-7.0.1.el9_1.5.x86_64.rpm httpd-filesystem-2.4.53-7.0.1.el9_1.5.noarch.rpm httpd-manual-2.4.53-7.0.1.el9_1.5.noarch.rpm httpd-tools-2.4.53-7.0.1.el9_1.5.x86_64.rpm mod_http2-1.15.19-3.el9_1.5.x86_64.rpm mod_ldap-2.4.53-7.0.1.el9_1.5.x86_64.rpm mod_lua-2.4.53-7.0.1.el9_1.5.x86_64.rpm mod_proxy_html-2.4.53-7.0.1.el9_1.5.x86_64.rpm mod_session-2.4.53-7.0.1.el9_1.5.x86_64.rpm mod_ssl-2.4.53-7.0.1.el9_1.5.x86_64.rpm

aarch64

httpd-2.4.53-7.0.1.el9_1.5.aarch64.rpm httpd-core-2.4.53-7.0.1.el9_1.5.aarch64.rpm httpd-devel-2.4.53-7.0.1.el9_1.5.aarch64.rpm httpd-filesystem-2.4.53-7.0.1.el9_1.5.noarch.rpm httpd-manual-2.4.53-7.0.1.el9_1.5.noarch.rpm httpd-tools-2.4.53-7.0.1.el9_1.5.aarch64.rpm mod_http2-1.15.19-3.el9_1.5.aarch64.rpm mod_ldap-2.4.53-7.0.1.el9_1.5.aarch64.rpm mod_lua-2.4.53-7.0.1.el9_1.5.aarch64.rpm mod_proxy_html-2.4.53-7.0.1.el9_1.5.aarch64.rpm mod_session-2.4.53-7.0.1.el9_1.5.aarch64.rpm mod_ssl-2.4.53-7.0.1.el9_1.5.aarch64.rpm

Severity
critical
Lowest
Low
Medium
High
Critical

Related CVEs: CVE-2023-25690

Topics%20covered

Topics Covered

security advisory critical update httpd security patch Oracle Linux mod_http2 http request splitting

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here