Rocky Linux Security Advisory RLSA-2024:5193
Synopsis: Important: httpd:2.4 security update
Type: security
Severity: Important
Published: 2024-08-21T14:52:31.100489Z
Affected products: Rocky Linux 8

Topic:

An update is available for module.mod_md, module.mod_http2, mod_http2, httpd, mod_md, module.httpd.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: Security issues via backend applications whose response headers are malicious or exploitable (CVE-2024-38476)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Fixes:

- Red Hat Bugzilla 2295015: https://bugzilla.redhat.com/show_bug.cgi?id=2295015

CVEs:

- CVE-2024-38476 (source: MITRE): https://www.cve.org/CVERecord?id=CVE-2024-38476 (CVSS v3 vector, CVSS v3 base score and CWE: UNKNOWN)

References: none listed
Reboot suggested: no

Package List (Rocky Linux 8):

httpd-0:2.4.37-65.module+el8.10.0+1830+22f0c9e0.aarch64.rpm
httpd-0:2.4.37-65.module+el8.10.0+1830+22f0c9e0.src.rpm
httpd-0:2.4.37-65.module+el8.10.0+1830+22f0c9e0.x86_64.rpm
httpd-debuginfo-0:2.4.37-65.module+el8.10.0+1830+22f0c9e0.aarch64.rpm
httpd-debuginfo-0:2.4.37-65.module+el8.10.0+1830+22f0c9e0.x86_64.rpm
httpd-debugsource-0:2.4.37-65.module+el8.10.0+1830+22f0c9e0.aarch64.rpm
httpd-debugsource-0:2.4.37-65.module+el8.10.0+1830+22f0c9e0.x86_64.rpm
httpd-devel-0:2.4.37-65.module+el8.10.0+1830+22f0c9e0.aarch64.rpm
httpd-devel-0:2.4.37-65.module+el8.10.0+1830+22f0c9e0.x86_64.rpm
httpd-filesystem-0:2.4.37-65.module+el8.10.0+1830+22f0c9e0.noarch.rpm
httpd-manual-0:2.4.37-65.module+el8.10.0+1830+22f0c9e0.noarch.rpm
httpd-tools-0:2.4.37-65.module+el8.10.0+1830+22f0c9e0.aarch64.rpm
httpd-tools-0:2.4.37-65.module+el8.10.0+1830+22f0c9e0.x86_64.rpm
httpd-tools-debuginfo-0:2.4.37-65.module+el8.10.0+1830+22f0c9e0.aarch64.rpm
httpd-tools-debuginfo-0:2.4.37-65.module+el8.10.0+1830+22f0c9e0.x86_64.rpm
mod_http2-0:1.15.7-10.module+el8.10.0+1775+6b057638.aarch64.rpm
mod_http2-0:1.15.7-10.module+el8.10.0+1775+6b057638.src.rpm
mod_http2-0:1.15.7-10.module+el8.10.0+1775+6b057638.x86_64.rpm
mod_http2-debuginfo-0:1.15.7-10.module+el8.10.0+1775+6b057638.aarch64.rpm
mod_http2-debuginfo-0:1.15.7-10.module+el8.10.0+1775+6b057638.x86_64.rpm
mod_http2-debugsource-0:1.15.7-10.module+el8.10.0+1775+6b057638.aarch64.rpm
mod_http2-debugsource-0:1.15.7-10.module+el8.10.0+1775+6b057638.x86_64.rpm
mod_ldap-0:2.4.37-65.module+el8.10.0+1830+22f0c9e0.aarch64.rpm
mod_ldap-0:2.4.37-65.module+el8.10.0+1830+22f0c9e0.x86_64.rpm
mod_ldap-debuginfo-0:2.4.37-65.module+el8.10.0+1830+22f0c9e0.aarch64.rpm
mod_ldap-debuginfo-0:2.4.37-65.module+el8.10.0+1830+22f0c9e0.x86_64.rpm
mod_md-1:2.0.8-8.module+el8.9.0+1370+89cc8ad5.aarch64.rpm
mod_md-1:2.0.8-8.module+el8.9.0+1370+89cc8ad5.src.rpm
mod_md-1:2.0.8-8.module+el8.9.0+1370+89cc8ad5.x86_64.rpm
mod_md-debuginfo-1:2.0.8-8.module+el8.9.0+1370+89cc8ad5.aarch64.rpm
mod_md-debuginfo-1:2.0.8-8.module+el8.9.0+1370+89cc8ad5.x86_64.rpm
mod_md-debugsource-1:2.0.8-8.module+el8.9.0+1370+89cc8ad5.aarch64.rpm
mod_md-debugsource-1:2.0.8-8.module+el8.9.0+1370+89cc8ad5.x86_64.rpm
mod_proxy_html-1:2.4.37-65.module+el8.10.0+1830+22f0c9e0.aarch64.rpm
mod_proxy_html-1:2.4.37-65.module+el8.10.0+1830+22f0c9e0.x86_64.rpm
mod_proxy_html-debuginfo-1:2.4.37-65.module+el8.10.0+1830+22f0c9e0.aarch64.rpm
mod_proxy_html-debuginfo-1:2.4.37-65.module+el8.10.0+1830+22f0c9e0.x86_64.rpm
mod_session-0:2.4.37-65.module+el8.10.0+1830+22f0c9e0.aarch64.rpm
mod_session-0:2.4.37-65.module+el8.10.0+1830+22f0c9e0.x86_64.rpm
mod_session-debuginfo-0:2.4.37-65.module+el8.10.0+1830+22f0c9e0.aarch64.rpm
mod_session-debuginfo-0:2.4.37-65.module+el8.10.0+1830+22f0c9e0.x86_64.rpm
mod_ssl-1:2.4.37-65.module+el8.10.0+1830+22f0c9e0.aarch64.rpm
mod_ssl-1:2.4.37-65.module+el8.10.0+1830+22f0c9e0.x86_64.rpm
mod_ssl-debuginfo-1:2.4.37-65.module+el8.10.0+1830+22f0c9e0.aarch64.rpm
mod_ssl-debuginfo-1:2.4.37-65.module+el8.10.0+1830+22f0c9e0.x86_64.rpm

LinuxSecurity.com Team
-------------------------------------------------------------------------
Debian Security Advisory DSA-5729-1

Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in authentication bypass, execution of scripts in directories not directly reachable by any URL, server-side request forgery or denial of service.
MGASA-2024-0258 - Updated apache packages fix security vulnerabilities

Publication date: 09 Jul 2024
URL: https://advisories.mageia.org/MGASA-2024-0258.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-36387, CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477, CVE-2024-39573, CVE-2024-39884

Description:

Serving WebSocket protocol upgrades over an HTTP/2 connection could result in a null pointer dereference, leading to a crash of the server process, degrading performance. (CVE-2024-36387)

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. (CVE-2024-38473)

Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL, or source disclosure of scripts meant only to be executed as CGI. Some RewriteRules that capture and substitute unsafely will now fail unless the rewrite flag "UnsafeAllow3F" is specified. (CVE-2024-38474)

Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use backreferences or variables as the first segment of the substitution are affected. Some unsafe RewriteRules will be broken by this change, and the rewrite flag "UnsafePrefixStat" can be used to opt back in once it has been ensured that the substitution is appropriately constrained. (CVE-2024-38475)

The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. (CVE-2024-38476)

Null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. (CVE-2024-38477)

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by mod_proxy. (CVE-2024-39573)

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, results in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. (CVE-2024-39884)

References:

- https://bugs.mageia.org/show_bug.cgi?id=33353
- https://www.openwall.com/lists/oss-security/2024/07/01/4
- https://www.openwall.com/lists/oss-security/2024/07/01/6
- https://www.openwall.com/lists/oss-security/2024/07/01/7
- https://www.openwall.com/lists/oss-security/2024/07/01/8
- https://www.openwall.com/lists/oss-security/2024/07/01/9
- https://www.openwall.com/lists/oss-security/2024/07/01/10
- https://www.openwall.com/lists/oss-security/2024/07/01/11
- https://www.openwall.com/lists/oss-security/2024/07/03/8
- https://www.cve.org/CVERecord?id=CVE-2024-36387
- https://www.cve.org/CVERecord?id=CVE-2024-38473
- https://www.cve.org/CVERecord?id=CVE-2024-38474
- https://www.cve.org/CVERecord?id=CVE-2024-38475
- https://www.cve.org/CVERecord?id=CVE-2024-38476
- https://www.cve.org/CVERecord?id=CVE-2024-38477
- https://www.cve.org/CVERecord?id=CVE-2024-39573
- https://www.cve.org/CVERecord?id=CVE-2024-39884

SRPMS:

- 9/core/apache-2.4.61-1.mga9

Severity: Critical
==========================================================================
Ubuntu Security Notice USN-6510-1
November 23, 2023

apache2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Apache HTTP Server could be made to crash if it received a specially crafted request.

Software Description:

- apache2: Apache HTTP server

Details:

David Shoon discovered that the Apache HTTP Server mod_macro module incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  apache2  2.4.29-1ubuntu4.27+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  apache2  2.4.18-2ubuntu3.17+esm11

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  apache2  2.4.7-1ubuntu4.22+esm9

In general, a standard system update will make all the necessary changes.

References:

https://ubuntu.com/security/notices/USN-6510-1
CVE-2023-31122

Severity: Critical
=========================================================================
Ubuntu Security Notice USN-5487-1
June 21, 2022

apache2 vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-26377)

It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-28614)

It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash or expose sensitive information. (CVE-2022-28615)

It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-29404)

It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash. (CVE-2022-30522)

It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2022-30556)

It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to bypass IP based authentication. (CVE-2022-31813)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
  apache2      2.4.52-1ubuntu4.1
  apache2-bin  2.4.52-1ubuntu4.1

Ubuntu 21.10:
  apache2      2.4.48-3.1ubuntu3.5
  apache2-bin  2.4.48-3.1ubuntu3.5

Ubuntu 20.04 LTS:
  apache2      2.4.41-4ubuntu3.12
  apache2-bin  2.4.41-4ubuntu3.12

Ubuntu 18.04 LTS:
  apache2      2.4.29-1ubuntu4.24
  apache2-bin  2.4.29-1ubuntu4.24

Ubuntu 16.04 ESM:
  apache2      2.4.18-2ubuntu3.17+esm6
  apache2-bin  2.4.18-2ubuntu3.17+esm6

Ubuntu 14.04 ESM:
  apache2      2.4.7-1ubuntu4.22+esm5
  apache2-bin  2.4.7-1ubuntu4.22+esm5

In general, a standard system update will make all the necessary changes.

References:

https://ubuntu.com/security/notices/USN-5487-1
CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813

Package Information:

https://launchpad.net/ubuntu/+source/apache2/2.4.52-1ubuntu4.1
https://launchpad.net/ubuntu/+source/apache2/2.4.48-3.1ubuntu3.5
https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.12

Severity: Critical
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update
Advisory ID:       RHSA-2021:1199-01
Product:           Red Hat JBoss Core Services
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1199
Issue date:        2021-04-14
CVE Names:         CVE-2021-3449 CVE-2021-3450
====================================================================

1. Summary:

Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64

3. Description:

This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 6 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

Security fix(es):

* openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)

* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT
1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing

6. Package List:

Red Hat JBoss Core Services on RHEL 7 Server:

Source:
jbcs-httpd24-httpd-2.4.37-70.jbcs.el7.src.rpm
jbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.src.rpm
jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.src.rpm
jbcs-httpd24-mod_jk-1.2.48-13.redhat_1.jbcs.el7.src.rpm
jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.src.rpm
jbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.src.rpm
jbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.src.rpm
jbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.src.rpm
jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.src.rpm
jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.src.rpm

noarch:
jbcs-httpd24-httpd-manual-2.4.37-70.jbcs.el7.noarch.rpm

ppc64:
jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.ppc64.rpm
jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.ppc64.rpm
jbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.ppc64.rpm
jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.ppc64.rpm
jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.ppc64.rpm

x86_64:
jbcs-httpd24-httpd-2.4.37-70.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-debuginfo-2.4.37-70.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-devel-2.4.37-70.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-selinux-2.4.37-70.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-tools-2.4.37-70.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_cluster-native-debuginfo-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_jk-ap24-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_jk-debuginfo-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_jk-manual-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_ldap-2.4.37-70.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_proxy_html-2.4.37-70.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_security-debuginfo-2.9.2-60.GA.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_session-2.4.37-70.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_ssl-2.4.37-70.jbcs.el7.x86_64.rpm
jbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.x86_64.rpm
jbcs-httpd24-nghttp2-debuginfo-1.39.2-37.jbcs.el7.x86_64.rpm
jbcs-httpd24-nghttp2-devel-1.39.2-37.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-debuginfo-1.1.1g-6.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-devel-1.1.1g-6.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-libs-1.1.1g-6.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-perl-1.1.1g-6.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-static-1.1.1g-6.jbcs.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3449
https://access.redhat.com/security/cve/CVE-2021-3450
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYHcQ4tzjgjWX9erEAQg5Zg/9FciPflU5YnbBIktqUgZAzkgIaZf3cp/A
vYQu1D/5oRwfvcdbhtzgYBVB5Ha+Ut1QQRHix/3QkD2v4+pF2eAnfe6TN2ftgKyJ
Qw1oOs0HGdUzSkxboZESkTGiSmaCLT7fn7dHvJ1cH0rfQx7ngYRPGLPAbSHqOaQZ
gkRYTZGl+jBG/a91XBMoa+QRFT0+yQX4ps2oEGiMWZMIfWOrC4iU9NnudR1CDGE7
SWzDmjAIKP2xjfi6UVwTuuq64ROju9ginT5KPwj42Btfatnj6nTF4CIoWyfBm9LK
CLBXeJOfjQUB/vjiTeLh47d1rMt7H5Jjck8imL6nfdAkzG+SKQA3yxjHztdmEFyX
aDQR6T5X2lPBPdtHE0qaunS5lb/XRWh7xTQ3k34iTYvIN2wd2KqP78TwXSMEKWlV
ddGQul2vakBXn4C2waTvuJE6JvvwS4Q8zQ1plpW1uOuGIRn1XAxJWV+Wkmt5eBg6
AbyXUMM7pLKiUNP1L0k7nKKx5Ta3HlnpvOpXMDlvccxwEAWoVqZ+nrmUe9bG67DK
1yEp/DR/XpKLPjCwBEW+i+nZUSpTyKe3+J962KoSJ/HISVRZaicBmGiQDCKCEbPr
hnhoDO+7Y0A1GlmAd3ZkHu+k97louMpIkRsghdZ7el3D1Hx2EhP/HSQqHI5QCyMl
qQeHglPylHU=
=m11c
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: httpd24-httpd security update
Advisory ID:       RHSA-2020:3733-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3733
Issue date:        2020-09-14
CVE Names:         CVE-2020-9490
====================================================================

1. Summary:

An update for httpd24-httpd is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: Push diary crash on specifically crafted HTTP/2 header (CVE-2020-9490)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1866560 - CVE-2020-9490 httpd: Push diary crash on specifically crafted HTTP/2 header

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
httpd24-httpd-2.4.34-18.el6.1.src.rpm

noarch:
httpd24-httpd-manual-2.4.34-18.el6.1.noarch.rpm

x86_64:
httpd24-httpd-2.4.34-18.el6.1.x86_64.rpm
httpd24-httpd-debuginfo-2.4.34-18.el6.1.x86_64.rpm
httpd24-httpd-devel-2.4.34-18.el6.1.x86_64.rpm
httpd24-httpd-tools-2.4.34-18.el6.1.x86_64.rpm
httpd24-mod_ldap-2.4.34-18.el6.1.x86_64.rpm
httpd24-mod_proxy_html-2.4.34-18.el6.1.x86_64.rpm
httpd24-mod_session-2.4.34-18.el6.1.x86_64.rpm
httpd24-mod_ssl-2.4.34-18.el6.1.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
httpd24-httpd-2.4.34-18.el6.1.src.rpm

noarch:
httpd24-httpd-manual-2.4.34-18.el6.1.noarch.rpm

x86_64:
httpd24-httpd-2.4.34-18.el6.1.x86_64.rpm
httpd24-httpd-debuginfo-2.4.34-18.el6.1.x86_64.rpm
httpd24-httpd-devel-2.4.34-18.el6.1.x86_64.rpm
httpd24-httpd-tools-2.4.34-18.el6.1.x86_64.rpm
httpd24-mod_ldap-2.4.34-18.el6.1.x86_64.rpm
httpd24-mod_proxy_html-2.4.34-18.el6.1.x86_64.rpm
httpd24-mod_session-2.4.34-18.el6.1.x86_64.rpm
httpd24-mod_ssl-2.4.34-18.el6.1.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
httpd24-httpd-2.4.34-18.el7.1.src.rpm

aarch64:
httpd24-httpd-2.4.34-18.el7.1.aarch64.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.1.aarch64.rpm
httpd24-httpd-devel-2.4.34-18.el7.1.aarch64.rpm
httpd24-httpd-tools-2.4.34-18.el7.1.aarch64.rpm
httpd24-mod_ldap-2.4.34-18.el7.1.aarch64.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.1.aarch64.rpm
httpd24-mod_session-2.4.34-18.el7.1.aarch64.rpm
httpd24-mod_ssl-2.4.34-18.el7.1.aarch64.rpm

noarch:
httpd24-httpd-manual-2.4.34-18.el7.1.noarch.rpm

ppc64le:
httpd24-httpd-2.4.34-18.el7.1.ppc64le.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.1.ppc64le.rpm
httpd24-httpd-devel-2.4.34-18.el7.1.ppc64le.rpm
httpd24-httpd-tools-2.4.34-18.el7.1.ppc64le.rpm
httpd24-mod_ldap-2.4.34-18.el7.1.ppc64le.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.1.ppc64le.rpm
httpd24-mod_session-2.4.34-18.el7.1.ppc64le.rpm
httpd24-mod_ssl-2.4.34-18.el7.1.ppc64le.rpm

s390x:
httpd24-httpd-2.4.34-18.el7.1.s390x.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.1.s390x.rpm
httpd24-httpd-devel-2.4.34-18.el7.1.s390x.rpm
httpd24-httpd-tools-2.4.34-18.el7.1.s390x.rpm
httpd24-mod_ldap-2.4.34-18.el7.1.s390x.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.1.s390x.rpm
httpd24-mod_session-2.4.34-18.el7.1.s390x.rpm
httpd24-mod_ssl-2.4.34-18.el7.1.s390x.rpm

x86_64:
httpd24-httpd-2.4.34-18.el7.1.x86_64.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.1.x86_64.rpm
httpd24-httpd-devel-2.4.34-18.el7.1.x86_64.rpm
httpd24-httpd-tools-2.4.34-18.el7.1.x86_64.rpm
httpd24-mod_ldap-2.4.34-18.el7.1.x86_64.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.1.x86_64.rpm
httpd24-mod_session-2.4.34-18.el7.1.x86_64.rpm
httpd24-mod_ssl-2.4.34-18.el7.1.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
httpd24-httpd-2.4.34-18.el7.1.src.rpm

noarch:
httpd24-httpd-manual-2.4.34-18.el7.1.noarch.rpm

ppc64le:
httpd24-httpd-2.4.34-18.el7.1.ppc64le.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.1.ppc64le.rpm
httpd24-httpd-devel-2.4.34-18.el7.1.ppc64le.rpm
httpd24-httpd-tools-2.4.34-18.el7.1.ppc64le.rpm
httpd24-mod_ldap-2.4.34-18.el7.1.ppc64le.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.1.ppc64le.rpm
httpd24-mod_session-2.4.34-18.el7.1.ppc64le.rpm
httpd24-mod_ssl-2.4.34-18.el7.1.ppc64le.rpm

s390x:
httpd24-httpd-2.4.34-18.el7.1.s390x.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.1.s390x.rpm
httpd24-httpd-devel-2.4.34-18.el7.1.s390x.rpm
httpd24-httpd-tools-2.4.34-18.el7.1.s390x.rpm
httpd24-mod_ldap-2.4.34-18.el7.1.s390x.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.1.s390x.rpm
httpd24-mod_session-2.4.34-18.el7.1.s390x.rpm
httpd24-mod_ssl-2.4.34-18.el7.1.s390x.rpm

x86_64:
httpd24-httpd-2.4.34-18.el7.1.x86_64.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.1.x86_64.rpm
httpd24-httpd-devel-2.4.34-18.el7.1.x86_64.rpm
httpd24-httpd-tools-2.4.34-18.el7.1.x86_64.rpm
httpd24-mod_ldap-2.4.34-18.el7.1.x86_64.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.1.x86_64.rpm
httpd24-mod_session-2.4.34-18.el7.1.x86_64.rpm
httpd24-mod_ssl-2.4.34-18.el7.1.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

Source:
httpd24-httpd-2.4.34-18.el7.1.src.rpm

noarch:
httpd24-httpd-manual-2.4.34-18.el7.1.noarch.rpm

ppc64le:
httpd24-httpd-2.4.34-18.el7.1.ppc64le.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.1.ppc64le.rpm
httpd24-httpd-devel-2.4.34-18.el7.1.ppc64le.rpm
httpd24-httpd-tools-2.4.34-18.el7.1.ppc64le.rpm
httpd24-mod_ldap-2.4.34-18.el7.1.ppc64le.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.1.ppc64le.rpm
httpd24-mod_session-2.4.34-18.el7.1.ppc64le.rpm
httpd24-mod_ssl-2.4.34-18.el7.1.ppc64le.rpm

s390x:
httpd24-httpd-2.4.34-18.el7.1.s390x.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.1.s390x.rpm
httpd24-httpd-devel-2.4.34-18.el7.1.s390x.rpm
httpd24-httpd-tools-2.4.34-18.el7.1.s390x.rpm
httpd24-mod_ldap-2.4.34-18.el7.1.s390x.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.1.s390x.rpm
httpd24-mod_session-2.4.34-18.el7.1.s390x.rpm
httpd24-mod_ssl-2.4.34-18.el7.1.s390x.rpm

x86_64:
httpd24-httpd-2.4.34-18.el7.1.x86_64.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.1.x86_64.rpm
httpd24-httpd-devel-2.4.34-18.el7.1.x86_64.rpm
httpd24-httpd-tools-2.4.34-18.el7.1.x86_64.rpm
httpd24-mod_ldap-2.4.34-18.el7.1.x86_64.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.1.x86_64.rpm
httpd24-mod_session-2.4.34-18.el7.1.x86_64.rpm
httpd24-mod_ssl-2.4.34-18.el7.1.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
httpd24-httpd-2.4.34-18.el7.1.src.rpm

noarch:
httpd24-httpd-manual-2.4.34-18.el7.1.noarch.rpm

x86_64:
httpd24-httpd-2.4.34-18.el7.1.x86_64.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.1.x86_64.rpm
httpd24-httpd-devel-2.4.34-18.el7.1.x86_64.rpm
httpd24-httpd-tools-2.4.34-18.el7.1.x86_64.rpm
httpd24-mod_ldap-2.4.34-18.el7.1.x86_64.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.1.x86_64.rpm
httpd24-mod_session-2.4.34-18.el7.1.x86_64.rpm
httpd24-mod_ssl-2.4.34-18.el7.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-9490
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX19oNtzjgjWX9erEAQjnoA/7BiAM6oopu9GmyxNO2EQ+C2NJ5j3btOla
kEf1QOVDlcPIrxwoBvK/k0Rg9uZNCZXjNbwW8Qhec/Ui1yX/gEQhLlbZi+Z9R9zF
bQrkpT38nTVsTcVL9FoJjXQ/ICRG+r6yqyl57W6SbVSIQAXWKuewSteB/fMql9eq
0IGhsDUyePvZuoJFftHruAOyGbVsI3x7UoPQu8zpdpxDmSEOc5zlnWsH1NiJKynt
e7njOS9+eVuGxaGjYH5zcKFqnftDdvneOOoDgztsuCLJG/jO7lhJeZBMr+2VBszK
73uvotx2V7BcFjqgs8jQYYV/TYym0XbM0bnm6m9Oe6W6fmXyFPmMXOJTbPaT+rs3
NUZsJfwRnAXRbJNLI1LxvwOIdazlTlRLth/a8ulK5egyUnPmdCFRg4WdnW0kiKsZ
YjPR6k4Vaz0CEhxKtARCZE09F5y1wYSBzyNTBjTpNxaqAAYPBQvyL3vqyUX5otKS
8/YqzNHkwRnMNEpTjUNpTB4s5dg8HsxUSRB9iGnq6Durd2yasC2LPMFpn/EkF8SG
PK1n/PtQLZaD7XnKKvksyhrO0A3nLUjikYrkKqHrh4BEIOrwQuK/ECPXUtlSJRtj
7lH3/QjSowb24JBZ/XEALITUJ8qy27KOi57GdCy7QDdOkB64fOoRlELi7FhhwaTH
kZgYBv6gJFM=
=FJnv
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
=========================================================================
Ubuntu Security Notice USN-3038-1
July 18, 2016

apache2 vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

A security issue was fixed in the Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

It was discovered that the Apache HTTP Server would set the HTTP_PROXY environment variable based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this issue in combination with CGI scripts that honour the HTTP_PROXY variable to redirect outgoing HTTP requests.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
  apache2-bin    2.4.18-2ubuntu3.1

Ubuntu 15.10:
  apache2-bin    2.4.12-2ubuntu2.1

Ubuntu 14.04 LTS:
  apache2.2-bin  2.4.7-1ubuntu4.13

Ubuntu 12.04 LTS:
  apache2.2-bin  2.2.22-1ubuntu1.11

In general, a standard system update will make all the necessary changes.

References:

https://ubuntu.com/security/notices/USN-3038-1
CVE-2016-5387

Package Information:

https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.1
https://launchpad.net/ubuntu/+source/apache2/2.4.12-2ubuntu2.1
https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.13
https://launchpad.net/ubuntu/+source/apache2/2.2.22-1ubuntu1.11