Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Ubuntu 18.04 & 16.04: USN-6729-2 critical: Apache HTTP request splitting

==========================================================================
Ubuntu Security Notice USN-6729-2
April 17, 2024

apache2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Apache HTTP Server.

Software Description:
- apache2: Apache HTTP server

Details:

USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2023-38709)

Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2024-24795)

Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module incorrectly handled endless continuation frames. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue was addressed only in Ubuntu 18.04 LTS. (CVE-2024-27316)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  apache2 2.4.29-1ubuntu4.27+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  apache2 2.4.18-2ubuntu3.17+esm12

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6729-2
  https://ubuntu.com/security/notices/USN-6729-1
  CVE-2023-38709, CVE-2024-24795, CVE-2024-27316

Ubuntu Security Notice USN-6729-3 tackles severe weaknesses in Apache HTTP Server affecting LTS editions.
Apache HTTP Server, Ubuntu Pro, Denial of Service, input validation issues.
Severity: Critical.
LinuxSecurity.com Team

Apr 17, 2024 Critical Ubuntu

Red Hat JBoss 2.4.57 Moderate: Security Update Advisory RHSA-2023:4628-01

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update
Advisory ID: RHSA-2023:4628-01
Product: Red Hat JBoss Core Services
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4628
Issue date: 2023-08-15
CVE Names: CVE-2022-24963 CVE-2022-28331 CVE-2022-36760 CVE-2022-37436 CVE-2022-48279 CVE-2023-24021 CVE-2023-27522 CVE-2023-28319 CVE-2023-28321 CVE-2023-28322 CVE-2023-28484 CVE-2023-29469
=====================================================================

1. Summary:

Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* apr-util: integer overflow/wraparound in apr_encode (CVE-2022-24963)
* apr-util: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)
* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)
* httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)
* mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass (CVE-2022-48279)
* modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass (CVE-2023-24021)
* httpd: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)
* curl: use after free in SSH sha256 fingerprint check (CVE-2023-28319)
* curl: IDN wildcard match may lead to Improper Certificate Validation (CVE-2023-28321)
* libxml2: NULL dereference in xmlSchemaFixupComplexType (CVE-2023-28484)
* libxml2: Hashing of empty dict strings isn't deterministic (CVE-2023-29469)
* curl: more POST-after-PUT confusion (CVE-2023-28322)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2161773 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
2161777 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling
2163615 - CVE-2023-24021 modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass
2163622 - CVE-2022-48279 mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass
2169465 - CVE-2022-24963 apr: integer overflow/wraparound in apr_encode
2172556 - CVE-2022-28331 apr: Windows out-of-bounds write in apr_socket_sendv function
2176211 - CVE-2023-27522 httpd: mod_proxy_uwsgi HTTP response splitting
2185984 - CVE-2023-29469 libxml2: Hashing of empty dict strings isn't deterministic
2185994 - CVE-2023-28484 libxml2: NULL dereference in xmlSchemaFixupComplexType
2196778 - CVE-2023-28319 curl: use after free in SSH sha256 fingerprint check
2196786 - CVE-2023-28321 curl: IDN wildcard match may lead to Improper Certificate Validation
2196793 - CVE-2023-28322 curl: more POST-after-PUT confusion

5. References:

https://access.redhat.com/security/cve/CVE-2022-24963
https://access.redhat.com/security/cve/CVE-2022-28331
https://access.redhat.com/security/cve/CVE-2022-36760
https://access.redhat.com/security/cve/CVE-2022-37436
https://access.redhat.com/security/cve/CVE-2022-48279
https://access.redhat.com/security/cve/CVE-2023-24021
https://access.redhat.com/security/cve/CVE-2023-27522
https://access.redhat.com/security/cve/CVE-2023-28319
https://access.redhat.com/security/cve/CVE-2023-28321
https://access.redhat.com/security/cve/CVE-2023-28322
https://access.redhat.com/security/cve/CVE-2023-28484
https://access.redhat.com/security/cve/CVE-2023-29469
https://access.redhat.com/security/updates/classification#moderate

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list

Canonical releases a security bulletin for Ubuntu Server 20.04 LTS concerning low-risk updates for Nginx 1.18.0, highlighting essential patches.
Red Hat JBoss, Apache HTTP, security update, advisory, moderate severity.
LinuxSecurity.com Team

Aug 15, 2023 Red Hat

Red Hat JBoss 7: RHSA-2021-0486-01 Low Severity Apache HTTP Update

====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP6 security update
Advisory ID: RHSA-2021:0486-01
Product: Red Hat JBoss Core Services
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0486
Issue date: 2021-02-11
CVE Names: CVE-2020-1971
====================================================================

1. Summary:

Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64

3. Description:

This release adds the new Apache HTTP Server 2.4.37 Service Pack 6 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 5 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

Security fix(es):

* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1903409 - CVE-2020-1971 openssl: EDIPARTYNAME NULL pointer de-reference

6. Package List:

Red Hat JBoss Core Services on RHEL 7 Server

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2020-1971
https://access.redhat.com/security/updates/classification#low
https://docs.redhat.com/en/documentation/red_hat_jboss_core_services/2.4.37

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.

--
RHSA-announce mailing list

Critical maintenance release for Red Hat JBoss Core Services Apache HTTP, correcting issues of minimal severity alongside several enhancements.
Red Hat JBoss, Apache Server, security update, service pack, bug fixes.
Severity: Low.
LinuxSecurity.com Team

Feb 11, 2021 Low Red Hat

Red Hat JBoss Apache HTTP Server 2.4.37 Moderate Security Update

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP5 security update
Advisory ID: RHSA-2020:4384-01
Product: Red Hat JBoss Core Services
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4384
Issue date: 2020-10-28
CVE Names: CVE-2019-1551 CVE-2019-5435 CVE-2020-11984 CVE-2020-11993
====================================================================

1. Summary:

Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Core Services on RHEL 6 Server - i386, noarch, ppc64, x86_64
Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64

3. Description:

This release adds the new Apache HTTP Server 2.4.37 Service Pack 5 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 3 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

Security fix(es):

* curl: Integer overflows in curl_url_set() function (CVE-2019-5435)
* openssl: Integer overflow in RSAZ modular exponentiation on x86_64 (CVE-2019-1551)
* httpd: mod_http2 concurrent pool usage (CVE-2020-11993)
* httpd: mod_proxy_uwsgi buffer overflow (CVE-2020-11984)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1710609 - CVE-2019-5435 curl: Integer overflows in curl_url_set() function
1780995 - CVE-2019-1551 openssl: Integer overflow in RSAZ modular exponentiation on x86_64
1866563 - CVE-2020-11984 httpd: mod_proxy_uwsgi buffer overflow
1866564 - CVE-2020-11993 httpd: mod_http2 concurrent pool usage

6. Package List:

Red Hat JBoss Core Services on RHEL 6 Server
Red Hat JBoss Core Services on RHEL 7 Server

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-1551
https://access.redhat.com/security/cve/CVE-2019-5435
https://access.redhat.com/security/cve/CVE-2020-11984
https://access.redhat.com/security/cve/CVE-2020-11993
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--
RHSA-announce mailing list

Routine security patch for Red Hat JBoss Core Services Apache HTTP Server 2.4.37, featuring improvements and corrections.
Red Hat JBoss, Apache HTTP, Security Advisory.
LinuxSecurity.com Team

Oct 28, 2020 Red Hat

Red Hat: RHSA-2020-4383-01 Moderate: Apache HTTP Server Security Update

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP5 security update
Advisory ID: RHSA-2020:4383-01
Product: Red Hat JBoss Core Services
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4383
Issue date: 2020-10-28
CVE Names: CVE-2019-1551 CVE-2019-5435 CVE-2020-11984 CVE-2020-11993
====================================================================

1. Summary:

Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 5 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release adds the new Apache HTTP Server 2.4.37 Service Pack 5 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 4 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

Security fix(es):

* curl: Integer overflows in curl_url_set() function (CVE-2019-5435)
* openssl: Integer overflow in RSAZ modular exponentiation on x86_64 (CVE-2019-1551)
* httpd: mod_http2 concurrent pool usage (CVE-2020-11993)
* httpd: mod_proxy_uwsgi buffer overflow (CVE-2020-11984)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link for the update. You must be logged in to download the update.

4. Bugs fixed (https://bugzilla.redhat.com/):

1710609 - CVE-2019-5435 curl: Integer overflows in curl_url_set() function
1780995 - CVE-2019-1551 openssl: Integer overflow in RSAZ modular exponentiation on x86_64
1866563 - CVE-2020-11984 httpd: mod_proxy_uwsgi buffer overflow
1866564 - CVE-2020-11993 httpd: mod_http2 concurrent pool usage

5. References:

https://access.redhat.com/security/cve/CVE-2019-1551
https://access.redhat.com/security/cve/CVE-2019-5435
https://access.redhat.com/security/cve/CVE-2020-11984
https://access.redhat.com/security/cve/CVE-2020-11993
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
Red Hat announces a critical security patch for JBoss Core Services Apache HTTP Server version 2.4.37, addressing various security flaws.

Red Hat JBoss, Apache HTTP, Service Pack Update, Security Patch, Core Services.

LinuxSecurity.com Team

Oct 28, 2020 Red Hat

Red Hat: RHSA-2020-1337 Moderate: JBoss Core Services Apache HTTP Server

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 security update
Advisory ID: RHSA-2020:1337-01
Product: Red Hat JBoss Core Services
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1337
Issue date: 2020-04-06
CVE Names: CVE-2019-1547 CVE-2019-1549 CVE-2019-1563 CVE-2019-10081 CVE-2019-10082 CVE-2019-10092 CVE-2019-10097 CVE-2019-10098
====================================================================

1. Summary:

Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Core Services on RHEL 6 Server - i386, noarch, ppc64, x86_64
Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64

3. Description:

This release adds the new Apache HTTP Server 2.4.37 Service Pack 2 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 1 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):

* openssl: side-channel weak encryption vulnerability (CVE-2019-1547)
* httpd: memory corruption on early pushes (CVE-2019-10081)
* httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)
* httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)
* openssl: information disclosure in fork() (CVE-2019-1549)
* openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
* httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)
* httpd: mod_rewrite potential open redirect (CVE-2019-10098)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1743956 - CVE-2019-10092 httpd: limited cross-site scripting in mod_proxy error page
1743959 - CVE-2019-10098 httpd: mod_rewrite potential open redirect
1743966 - CVE-2019-10081 httpd: memory corruption on early pushes
1743974 - CVE-2019-10082 httpd: read-after-free in h2 connection shutdown
1743996 - CVE-2019-10097 httpd: null-pointer dereference in mod_remoteip
1752090 - CVE-2019-1547 openssl: side-channel weak encryption vulnerability
1752095 - CVE-2019-1549 openssl: information disclosure in fork()
1752100 - CVE-2019-1563 openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey

6. Package List:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2019-1547
https://access.redhat.com/security/cve/CVE-2019-1549
https://access.redhat.com/security/cve/CVE-2019-1563
https://access.redhat.com/security/cve/CVE-2019-10081
https://access.redhat.com/security/cve/CVE-2019-10082
https://access.redhat.com/security/cve/CVE-2019-10092
https://access.redhat.com/security/cve/CVE-2019-10097
https://access.redhat.com/security/cve/CVE-2019-10098
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/red_hat_jboss_core_services/2.4.37

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.

Cautious security notification for Red Hat JBoss Core Services Apache HTTP, encompassing critical patches and enhancements.

Red Hat JBoss, Security Update, Apache HTTP, Bug Fix, Core Services.

LinuxSecurity.com Team

Apr 06, 2020 Red Hat

Red Hat JBoss Core Services Apache HTTP Update RHSA-2020-0250-01 Low Risk

====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP1 Security Update
Advisory ID: RHSA-2020:0250-01
Product: Red Hat JBoss Core Services
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0250
Issue date: 2020-01-27
CVE Names: CVE-2019-0220
====================================================================

1. Summary:

Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Core Services on RHEL 6 Server - i386, noarch, ppc64, x86_64
Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64

3. Description:

This release adds the new Apache HTTP Server 2.4.37 Service Pack 1 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security fix(es): * httpd: URL normalization inconsistency (CVE-2019-0220) For more details about the security issue(s),including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1695036 - CVE-2019-0220 httpd: URL normalization inconsistency 6. JIRA issues fixed (https://issues.redhat.com/): JBCS-129 - httpd/mod_proxy prepends error page for HEAD request to a next response for next GET request JBCS-343 - Unwanted service start after installation selinux package JBCS-451 - mod_proxy_http incorrectly requires continue response after already sending response data JBCS-632 - JBCS rpm scripts are affecting RHEL httpd service. JBCS-813 - Changing ownership of files should be done via postinstall instead of just documentation JBCS-847 - Create mod_http2 and mod_md as separate components JBCS-856 - Upgrade openssl to 1.1.1.c 7. 
Package List: Red Hat JBoss Core Services on RHEL 6Server: Source: jbcs-httpd24-apr-1.6.3-73.jbcs.el6.src.rpm jbcs-httpd24-apr-util-1.6.1-54.jbcs.el6.src.rpm jbcs-httpd24-brotli-1.0.6-9.jbcs.el6.src.rpm jbcs-httpd24-curl-7.64.1-21.jbcs.el6.src.rpm jbcs-httpd24-httpd-2.4.37-41.jbcs.el6.src.rpm jbcs-httpd24-jansson-2.11-24.jbcs.el6.src.rpm jbcs-httpd24-mod_cluster-native-1.3.12-13.Final_redhat_2.jbcs.el6.src.rpm jbcs-httpd24-mod_http2-1.11.3-8.jbcs.el6.src.rpm jbcs-httpd24-mod_jk-1.2.46-26.redhat_1.jbcs.el6.src.rpm jbcs-httpd24-mod_security-2.9.2-20.GA.jbcs.el6.src.rpm jbcs-httpd24-nghttp2-1.39.2-10.jbcs.el6.src.rpm jbcs-httpd24-openssl-1.1.1c-4.jbcs.el6.src.rpm i386: jbcs-httpd24-apr-1.6.3-73.jbcs.el6.i686.rpm jbcs-httpd24-apr-debuginfo-1.6.3-73.jbcs.el6.i686.rpm jbcs-httpd24-apr-devel-1.6.3-73.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-1.6.1-54.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-54.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-devel-1.6.1-54.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-ldap-1.6.1-54.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-mysql-1.6.1-54.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-nss-1.6.1-54.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-odbc-1.6.1-54.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-openssl-1.6.1-54.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-54.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-54.jbcs.el6.i686.rpm jbcs-httpd24-brotli-1.0.6-9.jbcs.el6.i686.rpm jbcs-httpd24-brotli-debuginfo-1.0.6-9.jbcs.el6.i686.rpm jbcs-httpd24-brotli-devel-1.0.6-9.jbcs.el6.i686.rpm jbcs-httpd24-curl-7.64.1-21.jbcs.el6.i686.rpm jbcs-httpd24-curl-debuginfo-7.64.1-21.jbcs.el6.i686.rpm jbcs-httpd24-httpd-2.4.37-41.jbcs.el6.i686.rpm jbcs-httpd24-httpd-debuginfo-2.4.37-41.jbcs.el6.i686.rpm jbcs-httpd24-httpd-devel-2.4.37-41.jbcs.el6.i686.rpm jbcs-httpd24-httpd-selinux-2.4.37-41.jbcs.el6.i686.rpm jbcs-httpd24-httpd-tools-2.4.37-41.jbcs.el6.i686.rpm jbcs-httpd24-jansson-2.11-24.jbcs.el6.i686.rpm jbcs-httpd24-jansson-debuginfo-2.11-24.jbcs.el6.i686.rpm 
jbcs-httpd24-jansson-devel-2.11-24.jbcs.el6.i686.rpm jbcs-httpd24-libcurl-7.64.1-21.jbcs.el6.i686.rpm jbcs-httpd24-libcurl-devel-7.64.1-21.jbcs.el6.i686.rpm jbcs-httpd24-mod_cluster-native-1.3.12-13.Final_redhat_2.jbcs.el6.i686.rpm jbcs-httpd24-mod_cluster-native-debuginfo-1.3.12-13.Final_redhat_2.jbcs.el6.i686.rpm jbcs-httpd24-mod_http2-1.11.3-8.jbcs.el6.i686.rpm jbcs-httpd24-mod_http2-debuginfo-1.11.3-8.jbcs.el6.i686.rpm jbcs-httpd24-mod_jk-ap24-1.2.46-26.redhat_1.jbcs.el6.i686.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.46-26.redhat_1.jbcs.el6.i686.rpm jbcs-httpd24-mod_jk-manual-1.2.46-26.redhat_1.jbcs.el6.i686.rpm jbcs-httpd24-mod_ldap-2.4.37-41.jbcs.el6.i686.rpm jbcs-httpd24-mod_md-2.0.8-10.jbcs.el6.i686.rpm jbcs-httpd24-mod_md-debuginfo-2.0.8-10.jbcs.el6.i686.rpm jbcs-httpd24-mod_proxy_html-2.4.37-41.jbcs.el6.i686.rpm jbcs-httpd24-mod_security-2.9.2-20.GA.jbcs.el6.i686.rpm jbcs-httpd24-mod_security-debuginfo-2.9.2-20.GA.jbcs.el6.i686.rpm jbcs-httpd24-mod_session-2.4.37-41.jbcs.el6.i686.rpm jbcs-httpd24-mod_ssl-2.4.37-41.jbcs.el6.i686.rpm jbcs-httpd24-nghttp2-1.39.2-10.jbcs.el6.i686.rpm jbcs-httpd24-nghttp2-debuginfo-1.39.2-10.jbcs.el6.i686.rpm jbcs-httpd24-nghttp2-devel-1.39.2-10.jbcs.el6.i686.rpm jbcs-httpd24-openssl-1.1.1c-4.jbcs.el6.i686.rpm jbcs-httpd24-openssl-debuginfo-1.1.1c-4.jbcs.el6.i686.rpm jbcs-httpd24-openssl-devel-1.1.1c-4.jbcs.el6.i686.rpm jbcs-httpd24-openssl-libs-1.1.1c-4.jbcs.el6.i686.rpm jbcs-httpd24-openssl-perl-1.1.1c-4.jbcs.el6.i686.rpm jbcs-httpd24-openssl-static-1.1.1c-4.jbcs.el6.i686.rpm noarch: jbcs-httpd24-httpd-manual-2.4.37-41.jbcs.el6.noarch.rpm ppc64: jbcs-httpd24-brotli-1.0.6-9.jbcs.el6.ppc64.rpm jbcs-httpd24-brotli-debuginfo-1.0.6-9.jbcs.el6.ppc64.rpm jbcs-httpd24-brotli-devel-1.0.6-9.jbcs.el6.ppc64.rpm jbcs-httpd24-curl-7.64.1-21.jbcs.el6.ppc64.rpm jbcs-httpd24-curl-debuginfo-7.64.1-21.jbcs.el6.ppc64.rpm jbcs-httpd24-jansson-2.11-24.jbcs.el6.ppc64.rpm jbcs-httpd24-jansson-debuginfo-2.11-24.jbcs.el6.ppc64.rpm 
jbcs-httpd24-jansson-devel-2.11-24.jbcs.el6.ppc64.rpm jbcs-httpd24-libcurl-7.64.1-21.jbcs.el6.ppc64.rpm jbcs-httpd24-libcurl-devel-7.64.1-21.jbcs.el6.ppc64.rpm jbcs-httpd24-mod_http2-1.11.3-8.jbcs.el6.ppc64.rpm jbcs-httpd24-mod_http2-debuginfo-1.11.3-8.jbcs.el6.ppc64.rpm jbcs-httpd24-mod_md-2.0.8-10.jbcs.el6.ppc64.rpm jbcs-httpd24-mod_md-debuginfo-2.0.8-10.jbcs.el6.ppc64.rpm x86_64: jbcs-httpd24-apr-1.6.3-73.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-debuginfo-1.6.3-73.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-devel-1.6.3-73.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-1.6.1-54.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-54.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-54.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-54.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-54.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-54.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-54.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-54.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-54.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-54.jbcs.el6.x86_64.rpm jbcs-httpd24-brotli-1.0.6-9.jbcs.el6.x86_64.rpm jbcs-httpd24-brotli-debuginfo-1.0.6-9.jbcs.el6.x86_64.rpm jbcs-httpd24-brotli-devel-1.0.6-9.jbcs.el6.x86_64.rpm jbcs-httpd24-curl-7.64.1-21.jbcs.el6.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.64.1-21.jbcs.el6.x86_64.rpm jbcs-httpd24-httpd-2.4.37-41.jbcs.el6.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.37-41.jbcs.el6.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.37-41.jbcs.el6.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.37-41.jbcs.el6.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.37-41.jbcs.el6.x86_64.rpm jbcs-httpd24-jansson-2.11-24.jbcs.el6.x86_64.rpm jbcs-httpd24-jansson-debuginfo-2.11-24.jbcs.el6.x86_64.rpm jbcs-httpd24-jansson-devel-2.11-24.jbcs.el6.x86_64.rpm jbcs-httpd24-libcurl-7.64.1-21.jbcs.el6.x86_64.rpm jbcs-httpd24-libcurl-devel-7.64.1-21.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_cluster-native-1.3.12-13.Final_redhat_2.jbcs.el6.x86_64.rpm 
jbcs-httpd24-mod_cluster-native-debuginfo-1.3.12-13.Final_redhat_2.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_http2-1.11.3-8.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.11.3-8.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.46-26.redhat_1.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.46-26.redhat_1.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_jk-manual-1.2.46-26.redhat_1.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.37-41.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_md-2.0.8-10.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.0.8-10.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.37-41.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_security-2.9.2-20.GA.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.2-20.GA.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_session-2.4.37-41.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.37-41.jbcs.el6.x86_64.rpm jbcs-httpd24-nghttp2-1.39.2-10.jbcs.el6.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.39.2-10.jbcs.el6.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.39.2-10.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-1.1.1c-4.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1c-4.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1c-4.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1c-4.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1c-4.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1c-4.jbcs.el6.x86_64.rpm Red Hat JBoss Core Services on RHEL 7Server: Source: jbcs-httpd24-apr-1.6.3-73.jbcs.el7.src.rpm jbcs-httpd24-apr-util-1.6.1-54.jbcs.el7.src.rpm jbcs-httpd24-brotli-1.0.6-9.jbcs.el7.src.rpm jbcs-httpd24-curl-7.64.1-21.jbcs.el7.src.rpm jbcs-httpd24-httpd-2.4.37-41.jbcs.el7.src.rpm jbcs-httpd24-jansson-2.11-24.jbcs.el7.src.rpm jbcs-httpd24-mod_cluster-native-1.3.12-13.Final_redhat_2.jbcs.el7.src.rpm jbcs-httpd24-mod_http2-1.11.3-8.jbcs.el7.src.rpm jbcs-httpd24-mod_jk-1.2.46-26.redhat_1.jbcs.el7.src.rpm jbcs-httpd24-mod_security-2.9.2-20.GA.jbcs.el7.src.rpm jbcs-httpd24-nghttp2-1.39.2-10.jbcs.el7.src.rpm 
jbcs-httpd24-openssl-1.1.1c-4.jbcs.el7.src.rpm noarch: jbcs-httpd24-httpd-manual-2.4.37-41.jbcs.el7.noarch.rpm ppc64: jbcs-httpd24-brotli-1.0.6-9.jbcs.el7.ppc64.rpm jbcs-httpd24-brotli-debuginfo-1.0.6-9.jbcs.el7.ppc64.rpm jbcs-httpd24-brotli-devel-1.0.6-9.jbcs.el7.ppc64.rpm jbcs-httpd24-curl-7.64.1-21.jbcs.el7.ppc64.rpm jbcs-httpd24-curl-debuginfo-7.64.1-21.jbcs.el7.ppc64.rpm jbcs-httpd24-jansson-2.11-24.jbcs.el7.ppc64.rpm jbcs-httpd24-jansson-debuginfo-2.11-24.jbcs.el7.ppc64.rpm jbcs-httpd24-jansson-devel-2.11-24.jbcs.el7.ppc64.rpm jbcs-httpd24-libcurl-7.64.1-21.jbcs.el7.ppc64.rpm jbcs-httpd24-libcurl-devel-7.64.1-21.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_http2-1.11.3-8.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_http2-debuginfo-1.11.3-8.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_md-2.0.8-10.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_md-debuginfo-2.0.8-10.jbcs.el7.ppc64.rpm x86_64: jbcs-httpd24-apr-1.6.3-73.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-debuginfo-1.6.3-73.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-devel-1.6.3-73.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-1.6.1-54.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-54.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-54.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-54.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-54.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-54.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-54.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-54.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-54.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-54.jbcs.el7.x86_64.rpm jbcs-httpd24-brotli-1.0.6-9.jbcs.el7.x86_64.rpm jbcs-httpd24-brotli-debuginfo-1.0.6-9.jbcs.el7.x86_64.rpm jbcs-httpd24-brotli-devel-1.0.6-9.jbcs.el7.x86_64.rpm jbcs-httpd24-curl-7.64.1-21.jbcs.el7.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.64.1-21.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-2.4.37-41.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.37-41.jbcs.el7.x86_64.rpm 
jbcs-httpd24-httpd-devel-2.4.37-41.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.37-41.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.37-41.jbcs.el7.x86_64.rpm jbcs-httpd24-jansson-2.11-24.jbcs.el7.x86_64.rpm jbcs-httpd24-jansson-debuginfo-2.11-24.jbcs.el7.x86_64.rpm jbcs-httpd24-jansson-devel-2.11-24.jbcs.el7.x86_64.rpm jbcs-httpd24-libcurl-7.64.1-21.jbcs.el7.x86_64.rpm jbcs-httpd24-libcurl-devel-7.64.1-21.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-1.3.12-13.Final_redhat_2.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-debuginfo-1.3.12-13.Final_redhat_2.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_http2-1.11.3-8.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.11.3-8.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.46-26.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.46-26.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-manual-1.2.46-26.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.37-41.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_md-2.0.8-10.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.0.8-10.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.37-41.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-2.9.2-20.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.2-20.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_session-2.4.37-41.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.37-41.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-1.39.2-10.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.39.2-10.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.39.2-10.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-1.1.1c-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1c-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1c-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1c-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1c-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1c-4.jbcs.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2019-0220 https://access.redhat.com/security/updates/classification/#low 9. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. Explore the newest security bulletin regarding Red Hat JBoss Core Services Apache HTTP Server, featuring vital patches. Severity: Low. LinuxSecurity.com Team

Jan 27, 2020 Low Red Hat

Ubuntu 14.04 LTS USN-2299-1 Critical: Apache HTTP Server DoS

Several security issues were fixed in Apache HTTP Server.

=========================================================================
Ubuntu Security Notice USN-2299-1
July 23, 2014

apache2 vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in Apache HTTP Server.

Software Description:
- apache2: Apache HTTP server

Details:

Marek Kroemeke discovered that the mod_proxy module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0117)

Giancarlo Pellegrino and Davide Balzarotti discovered that the mod_deflate module incorrectly handled body decompression. A remote attacker could use this issue to cause resource consumption, leading to a denial of service. (CVE-2014-0118)

Marek Kroemeke and others discovered that the mod_status module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service, or possibly execute arbitrary code. (CVE-2014-0226)

Rainer Jung discovered that the mod_cgid module incorrectly handled certain scripts. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. (CVE-2014-0231)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS:
  apache2-bin 2.4.7-1ubuntu4.1

Ubuntu 12.04 LTS:
  apache2.2-bin 2.2.22-1ubuntu1.7

Ubuntu 10.04 LTS:
  apache2.2-bin 2.2.14-5ubuntu8.14

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2299-1
  CVE-2014-0117, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231

Package Information:
  https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.1
  https://launchpad.net/ubuntu/+source/apache2/2.2.22-1ubuntu1.7
  https://launchpad.net/ubuntu/+source/apache2/2.2.14-5ubuntu8.14

Managing various Apache server challenges in Ubuntu, notably Denial of Service vulnerabilities. Key details enclosed. Severity: Critical. LinuxSecurity.com Team

Jul 23, 2014 Critical Ubuntu