Stay Vigilant with Timely Linux Security Advisories

security advisorysecurity fixRed Hat Enterprise Linux

Red Hat Enterprise Linux 8.2: RHSA-2023:1672-01 Critical: Httpd Request Splitting

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: httpd:2.4 security update Advisory ID: RHSA-2023:1672-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:1672 Issue date: 2023-04-06 CVE Names: CVE-2023-25690 ==================================================================== 1. Summary: An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update,which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy 6. Package List: Red Hat Enterprise Linux AppStream AUS (v.8.2): Source: httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.src.rpm mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.src.rpm mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.src.rpm aarch64: httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.aarch64.rpm mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.aarch64.rpm mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.aarch64.rpm mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.aarch64.rpm mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.aarch64.rpm mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.aarch64.rpm mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm noarch: httpd-filesystem-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm httpd-manual-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm ppc64le: httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.ppc64le.rpm mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.ppc64le.rpm mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.ppc64le.rpm mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.ppc64le.rpm mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.ppc64le.rpm mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.ppc64le.rpm mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm s390x: httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.s390x.rpm mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.s390x.rpm mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.s390x.rpm mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.s390x.rpm mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.s390x.rpm mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.s390x.rpm mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm x86_64: httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm Red Hat Enterprise Linux AppStream E4S (v.8.2): Source: httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.src.rpm mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.src.rpm mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.src.rpm aarch64: httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.aarch64.rpm mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.aarch64.rpm mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.aarch64.rpm mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.aarch64.rpm mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.aarch64.rpm mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.aarch64.rpm mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm noarch: httpd-filesystem-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm httpd-manual-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm ppc64le: httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.ppc64le.rpm mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.ppc64le.rpm mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.ppc64le.rpm mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.ppc64le.rpm mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.ppc64le.rpm mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.ppc64le.rpm mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm s390x: httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.s390x.rpm mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.s390x.rpm mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.s390x.rpm mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.s390x.rpm mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.s390x.rpm mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.s390x.rpm mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm x86_64: httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm Red Hat Enterprise Linux AppStream TUS (v.8.2): Source: httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.src.rpm mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.src.rpm mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.src.rpm aarch64: httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.aarch64.rpm mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.aarch64.rpm mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.aarch64.rpm mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.aarch64.rpm mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.aarch64.rpm mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.aarch64.rpm mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.aarch64.rpm noarch: httpd-filesystem-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm httpd-manual-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm ppc64le: httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.ppc64le.rpm mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.ppc64le.rpm mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.ppc64le.rpm mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.ppc64le.rpm mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.ppc64le.rpm mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.ppc64le.rpm mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm s390x: httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.s390x.rpm mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.s390x.rpm mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.s390x.rpm mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.s390x.rpm mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.s390x.rpm mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.s390x.rpm mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.s390x.rpm x86_64: httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-25690 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZDVvCdzjgjWX9erEAQhpvxAAiRD8hiZ4F0ajnUzXNQ7JnAVqTDtseV9T Qs9XSCNIGf3PD3YTHmYsG0A1ilqoKUUSHEZAkEfltzLKye9hVrNMZnkWJ9PbqSRW /JD/3cpqju7ZL9Xyd3VRdQbBidSzXT8KjrWTaMtzI+qnHbnyw3jUdZ+lu81Db9+V ykCEBa6pxEr10qG+keAv3AGMot6GcvoIiIcHwxv3zMQJnmTznKiM1rlDhrR/Iiij EZM7mzMX3bLt3jt2LfdwSQWVwBb0hX+t1JuqgCq7cM51t+a4JqCP4bNMoQfCTG+u yQJUCAzhY9h224WWf1zkv8nn7wm3dutixhf8CvJIU5RbpNJQIMeLHfhgjApMKBjD 11DPAH6DxEQfJWxUhqo+6xt4xBBl/XfoMJwPvXiEG6mGI++15RKKbFLVksx5l+qD t/N6Sjgb6oUzhD45uZ5MKKqXGe1bXKxxjmDyk9LLvlhglnuGIOM5tC4f+rKLSgjR CzGEta6HDwaj7AhKgFg2kpT6rH9x0Jp046w21gY1OOXudYDMudMIMUiJZO7fIxud 4mxkVMpDb9UN6cTHEVLfus1Ni3/brSRC56IUPlhPU/nGPw15IFNp65P5+b+e6Q2d LFPIWiAG3la1nw/yMssXTrV6j67sXuLWx3mekEey6q5d2ZbMZIg46KiH3usuCZ7O Dm7xDjJMzt4=CC76 -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Crucial patch released for httpd:2.4 component in Red Hat Enterprise Linux targeting the request smuggling vulnerability.. Red Hat Enterprise Linux,httpd security,httpd module update,security advisory. . Severity: Important. LinuxSecurity.com Team

Apr 11, 2023 •Important Red Hat

security advisorysoftware updateRed Hat Enterprise

RedHat 8.4: RHSA-2023-1596-01 Important: httpd HTTP Request Splitting

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: httpd:2.4 security update Advisory ID: RHSA-2023:1596-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:1596 Issue date: 2023-04-04 CVE Names: CVE-2023-25690 ==================================================================== 1. Summary: An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 2176209 - CVE-2023-25690 httpd: HTTP request splittingwith mod_rewrite and mod_proxy 6. Package List: Red Hat Enterprise Linux AppStream EUS(v.8.4): Source: httpd-2.4.37-39.module+el8.4.0+18509+78723510.6.src.rpm mod_http2-1.15.7-3.module+el8.4.0+18512+9c29e63a.2.src.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm aarch64: httpd-2.4.37-39.module+el8.4.0+18509+78723510.6.aarch64.rpm httpd-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.aarch64.rpm httpd-debugsource-2.4.37-39.module+el8.4.0+18509+78723510.6.aarch64.rpm httpd-devel-2.4.37-39.module+el8.4.0+18509+78723510.6.aarch64.rpm httpd-tools-2.4.37-39.module+el8.4.0+18509+78723510.6.aarch64.rpm httpd-tools-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.aarch64.rpm mod_http2-1.15.7-3.module+el8.4.0+18512+9c29e63a.2.aarch64.rpm mod_http2-debuginfo-1.15.7-3.module+el8.4.0+18512+9c29e63a.2.aarch64.rpm mod_http2-debugsource-1.15.7-3.module+el8.4.0+18512+9c29e63a.2.aarch64.rpm mod_ldap-2.4.37-39.module+el8.4.0+18509+78723510.6.aarch64.rpm mod_ldap-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.aarch64.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_proxy_html-2.4.37-39.module+el8.4.0+18509+78723510.6.aarch64.rpm mod_proxy_html-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.aarch64.rpm mod_session-2.4.37-39.module+el8.4.0+18509+78723510.6.aarch64.rpm mod_session-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.aarch64.rpm mod_ssl-2.4.37-39.module+el8.4.0+18509+78723510.6.aarch64.rpm mod_ssl-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.aarch64.rpm noarch: httpd-filesystem-2.4.37-39.module+el8.4.0+18509+78723510.6.noarch.rpm httpd-manual-2.4.37-39.module+el8.4.0+18509+78723510.6.noarch.rpm ppc64le: httpd-2.4.37-39.module+el8.4.0+18509+78723510.6.ppc64le.rpm httpd-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.ppc64le.rpm httpd-debugsource-2.4.37-39.module+el8.4.0+18509+78723510.6.ppc64le.rpm httpd-devel-2.4.37-39.module+el8.4.0+18509+78723510.6.ppc64le.rpm httpd-tools-2.4.37-39.module+el8.4.0+18509+78723510.6.ppc64le.rpm httpd-tools-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.ppc64le.rpm mod_http2-1.15.7-3.module+el8.4.0+18512+9c29e63a.2.ppc64le.rpm mod_http2-debuginfo-1.15.7-3.module+el8.4.0+18512+9c29e63a.2.ppc64le.rpm mod_http2-debugsource-1.15.7-3.module+el8.4.0+18512+9c29e63a.2.ppc64le.rpm mod_ldap-2.4.37-39.module+el8.4.0+18509+78723510.6.ppc64le.rpm mod_ldap-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.ppc64le.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_proxy_html-2.4.37-39.module+el8.4.0+18509+78723510.6.ppc64le.rpm mod_proxy_html-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.ppc64le.rpm mod_session-2.4.37-39.module+el8.4.0+18509+78723510.6.ppc64le.rpm mod_session-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.ppc64le.rpm mod_ssl-2.4.37-39.module+el8.4.0+18509+78723510.6.ppc64le.rpm mod_ssl-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.ppc64le.rpm s390x: httpd-2.4.37-39.module+el8.4.0+18509+78723510.6.s390x.rpm httpd-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.s390x.rpm httpd-debugsource-2.4.37-39.module+el8.4.0+18509+78723510.6.s390x.rpm httpd-devel-2.4.37-39.module+el8.4.0+18509+78723510.6.s390x.rpm httpd-tools-2.4.37-39.module+el8.4.0+18509+78723510.6.s390x.rpm httpd-tools-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.s390x.rpm mod_http2-1.15.7-3.module+el8.4.0+18512+9c29e63a.2.s390x.rpm mod_http2-debuginfo-1.15.7-3.module+el8.4.0+18512+9c29e63a.2.s390x.rpm mod_http2-debugsource-1.15.7-3.module+el8.4.0+18512+9c29e63a.2.s390x.rpm mod_ldap-2.4.37-39.module+el8.4.0+18509+78723510.6.s390x.rpm mod_ldap-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.s390x.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_proxy_html-2.4.37-39.module+el8.4.0+18509+78723510.6.s390x.rpm mod_proxy_html-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.s390x.rpm mod_session-2.4.37-39.module+el8.4.0+18509+78723510.6.s390x.rpm mod_session-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.s390x.rpm mod_ssl-2.4.37-39.module+el8.4.0+18509+78723510.6.s390x.rpm mod_ssl-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.s390x.rpm x86_64: httpd-2.4.37-39.module+el8.4.0+18509+78723510.6.x86_64.rpm httpd-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.x86_64.rpm httpd-debugsource-2.4.37-39.module+el8.4.0+18509+78723510.6.x86_64.rpm httpd-devel-2.4.37-39.module+el8.4.0+18509+78723510.6.x86_64.rpm httpd-tools-2.4.37-39.module+el8.4.0+18509+78723510.6.x86_64.rpm httpd-tools-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.x86_64.rpm mod_http2-1.15.7-3.module+el8.4.0+18512+9c29e63a.2.x86_64.rpm mod_http2-debuginfo-1.15.7-3.module+el8.4.0+18512+9c29e63a.2.x86_64.rpm mod_http2-debugsource-1.15.7-3.module+el8.4.0+18512+9c29e63a.2.x86_64.rpm mod_ldap-2.4.37-39.module+el8.4.0+18509+78723510.6.x86_64.rpm mod_ldap-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.x86_64.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_proxy_html-2.4.37-39.module+el8.4.0+18509+78723510.6.x86_64.rpm mod_proxy_html-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.x86_64.rpm mod_session-2.4.37-39.module+el8.4.0+18509+78723510.6.x86_64.rpm mod_session-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.x86_64.rpm mod_ssl-2.4.37-39.module+el8.4.0+18509+78723510.6.x86_64.rpm mod_ssl-debuginfo-2.4.37-39.module+el8.4.0+18509+78723510.6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2023-25690 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat securitycontact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZCw/AdzjgjWX9erEAQjyQg/+JzWPxOkqfZHdwTJ4Wl4I88wytH78Esc+ UeLYd3nNUB63/X0Hq3i1oSsyWV891zIo7fHrzFPp2VCo/fF+H6SMXQdstIOG7YsN RzDnXMBBkuFbCgL3nrUHQh21WNZ9rK682KPF0F7HEW63gQnlmUZHpo85s/h12YA/ 12GKVYT/aUc4cQsWNiyvu+nA0Z7oYK95fIGzygeFYPw252Y7gl54whBfKA+rbAqy ezU6FqCmLEgCMml4rbvaXX7Xxu3fuE5gPZ7J/7JR2uDTrZG7s9ZWIzIrLrODgTh5 mPBB1tkThEWJDu/mhj4TOpP4j/K9Vpmx5f50ORqkghgqpWtpRvnl/8LEtd8/7BcJ bPex/FgjrNnlGud5X8BDNa3tnS2Y5XG7qh1aJJGZ9L4RqrujEaSTVeZti64YPvGe rlliFvyqyaQDbvpLqvKEcshucZcTzT0J/DvMwnb4MX8j+SGhexHr4O+M+keyYTWe 0tyj+lQI1BjPmvor1ZK9+Lvk3l2KGZ1B45tP7EK8jocw8E+0YVuToxcv6BS737xS JEJWyDudrTBLyEBK7M914oksioz4Lj3qUTGav9OcYEQwo9fiL18jS+sgTWYX9j+X TZwHh2kW8wGTwHB7SncgyCf4+vJaKnh3LLwV8C1YWirWedQM20BCMVTSSWVnPCkg UuD/ye6rC/Q=Ud0B -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . An important security patch has been released for the httpd version 2.4 on Red Hat Enterprise Linux, addressing vulnerabilities related to HTTP request smuggling.. Red Hat Enterprise Linux, HTTP Server update, security advisory. . Severity: Important. LinuxSecurity.com Team

Apr 04, 2023 •Important Red Hat

security advisorysecurity issuered hat

Red Hat 8.1 RHSA-2023:1547-01 Important HTTPD Security Threat

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: httpd:2.4 security update Advisory ID: RHSA-2023:1547-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:1547 Issue date: 2023-04-03 CVE Names: CVE-2023-25690 ==================================================================== 1. Summary: An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 2176209 - CVE-2023-25690 httpd:HTTP request splitting with mod_rewrite and mod_proxy 6. Package List: Red Hat Enterprise Linux AppStream E4S (v.8.1): Source: httpd-2.4.37-16.module+el8.1.0+18511+ffefe478.6.src.rpm mod_http2-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.src.rpm aarch64: httpd-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm httpd-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm httpd-debugsource-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm httpd-devel-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm httpd-tools-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm httpd-tools-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm mod_http2-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.aarch64.rpm mod_http2-debuginfo-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.aarch64.rpm mod_http2-debugsource-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.aarch64.rpm mod_ldap-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm mod_ldap-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm mod_md-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm mod_md-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm mod_proxy_html-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm mod_proxy_html-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm mod_session-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm mod_session-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm mod_ssl-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm mod_ssl-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.aarch64.rpm noarch: httpd-filesystem-2.4.37-16.module+el8.1.0+18511+ffefe478.6.noarch.rpm httpd-manual-2.4.37-16.module+el8.1.0+18511+ffefe478.6.noarch.rpm ppc64le: httpd-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm httpd-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm httpd-debugsource-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm httpd-devel-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm httpd-tools-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm httpd-tools-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm mod_http2-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.ppc64le.rpm mod_http2-debuginfo-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.ppc64le.rpm mod_http2-debugsource-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.ppc64le.rpm mod_ldap-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm mod_ldap-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm mod_md-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm mod_md-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm mod_proxy_html-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm mod_proxy_html-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm mod_session-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm mod_session-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm mod_ssl-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm mod_ssl-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.ppc64le.rpm s390x: httpd-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm httpd-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm httpd-debugsource-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm httpd-devel-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm httpd-tools-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm httpd-tools-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm mod_http2-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.s390x.rpm mod_http2-debuginfo-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.s390x.rpm mod_http2-debugsource-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.s390x.rpm mod_ldap-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm mod_ldap-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm mod_md-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm mod_md-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm mod_proxy_html-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm mod_proxy_html-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm mod_session-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm mod_session-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm mod_ssl-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm mod_ssl-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.s390x.rpm x86_64: httpd-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm httpd-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm httpd-debugsource-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm httpd-devel-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm httpd-tools-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm httpd-tools-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm mod_http2-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.x86_64.rpm mod_http2-debuginfo-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.x86_64.rpm mod_http2-debugsource-1.11.3-3.module+el8.1.0+18514+ae5f89d3.3.x86_64.rpm mod_ldap-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm mod_ldap-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm mod_md-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm mod_md-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm mod_proxy_html-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm mod_proxy_html-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm mod_session-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm mod_session-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm mod_ssl-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm mod_ssl-debuginfo-2.4.37-16.module+el8.1.0+18511+ffefe478.6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2023-25690 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBZCtB1NzjgjWX9erEAQgaeA//flKzR9g5B8lhlvK+onhYUdiY9If2qpe8 9RWbjE4IXcZkmuHb2N2WLmeM/ImH/hwJGLnBZV5r9ZafS53nNVK3liQTzPtL0uvV EwWhRT79rNtWpDdx3XeVcYyBs525HYBPTPdvpSZ1Y8B32vQOQ9FUnz+ArHsUQo3j IEHabT6mw4YqJ6k9yy7qylTwkEahADOfQYW2X9oTiAv7577JYMWnys7r/w0I/Me5 cbejAwqsjXHcuei5d5TS1FJ0aMdcmomzbqp/jfe3FNENyvqQLet216YnF5kJCkdw o6SU5aDRuyxDmaDwQUnE+80g07tN2olZSIkedzXzjNjMdcWycgAwjyFjGqzKCpcN 9s24p+rPOtv/uT2rOvgQLhb+QYz7Os6OL/Yrg3PPi8OEgvmGV5u3S3uBjxaLBfEG WaTuAoRvgDx3GnPWXYu5eih5q+/QoTpaCd+PsqyHA/5R/Y80WC5lXfpbZ7fY7xoE g7QypCS7fe581+BKboSrqQ/qodMDiOtAz5jbYrcfc2hpifIHuhBDiqyo+CinIFDD bdBaZOO84J9+x+GEIKGNghKMKT7Ibd6mMSwsT4yNiZ1Ix8gTwixaphyP58gClL3K 49BKv5O6Behq+YJp/kk52uIaYUHbpsMzVqB4QaoslcEn70Tqy+Gjgm2I2QFepKsV 25+LyDieCVY=jzEb -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Ubuntu released a significant upgrade for nginx:1.20, tackling vulnerabilities and improving overall efficiency.. Red Hat Security,httpd update,enterprise security,SAP Solutions,HTTP server. . Severity: Important. LinuxSecurity.com Team

Apr 03, 2023 •Important Red Hat

security advisorysecurity issuebug fix

Red Hat Enterprise Linux 8: RHSA-2023-0852-01 moderate update for httpd

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: httpd:2.4 security and bug fix update Advisory ID: RHSA-2023:0852-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:0852 Issue date: 2023-02-21 CVE Names: CVE-2006-20001 CVE-2022-36760 CVE-2022-37436 ==================================================================== 1. Summary: An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001) * httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760) * httpd: mod_proxy: HTTP response splitting (CVE-2022-37436) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * httpd-init fails to create localhost.crt, localhost.key due to "sscg" default now creates a /dhparams.pem and is not idempotent if the file /dhparams.pem already exists. (BZ#2165967) 4. Solution: For details on how to applythis update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 2161773 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting 2161774 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte 2161777 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling 2165967 - httpd-init fails to create localhost.crt, localhost.key due to "sscg" default now creates a /dhparams.pem and is not idempotent if the file /dhparams.pem already exists. [rhel-8.7.0.z] 6. Package List: Red Hat Enterprise Linux AppStream (v.8): Source: httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.src.rpm mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.src.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm aarch64: httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm httpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm httpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm httpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm httpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm mod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm mod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm mod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm mod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm noarch: httpd-filesystem-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm httpd-manual-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm ppc64le: httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm httpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm httpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm httpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm httpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm mod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm mod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm mod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm mod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm s390x: httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm httpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm httpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm httpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm httpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm mod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm mod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm mod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm mod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm x86_64: httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm httpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm httpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm httpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm httpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm mod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm mod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm mod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm mod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.References: https://access.redhat.com/security/cve/CVE-2006-20001 https://access.redhat.com/security/cve/CVE-2022-36760 https://access.redhat.com/security/cve/CVE-2022-37436 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY/S5HdzjgjWX9erEAQh4bRAAkF3EgQgukNt/nGFBeSNly7ekQ6MZzwx6 /g701Jznu0z/XZM4+lhWIB6Au8sDwHyzp9tL3Mmwb1vSDkJfYMEBNpx22Ku4yr78 AqvAtMbtr3ZRtzlCow12ARhcsoV3mxCNvEs8Gw9ZK7VlJy0bq771jpau14tgZHvU cy3IOQgBUbACHoaJ+C4fpSFtd4ewKuYV9VDQrW08ZhYejF32U/0jFeWKPPAv2VFU gr9EazXKwQp4QF2d/dMOpmuERQNqRWRYKT7SdWykvCIpOjB1NeJ/iTKBK4hZnm3A malqCf3hnWl/6v+ZFRlb62G1UPzVH3xGfNrkBgN96ktGhJ/i7GYKn04zWioP/0mv pp5TsME6BT4J7ykw1SCZRDecFBHXyFKA8E08nXG+/aS9CDiHyUfP2mWyo7wx228Y xUvZYJQA165zaxSC7PG0W52CGeVYhUnBaa1xZKbG00YE+U+eN7KsHnbv+J7VjSnT F2Qm/z4OW1dFZU462VK2XVydYFPBoMormkeHFfOo3N92DdKduOU9rXcL9n++Y8dn 3tpuinfUc82EXeFm79HkVPaKz2R7/sm+dsylaC5QUkJqcbTahAYF2JgrkyfSWA9/ iY86qqDT17rd84adrQfXojb5hc4AKqVMJZuRJv5OGsj7SH/qiCGbYAtUDLf4C31G sw6Iqa1wZ18=EViL -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Canonical issues a significant patch for nginx:1.20 module, focusing on enhancing security measures and resolving outstanding bugs.. Red Hat Enterprise,httpd module,moderate security update,security advisory. . LinuxSecurity.com Team

Feb 21, 2023 Red Hat

security advisorymoderatesecurity issue

Red Hat Enterprise Linux 8 RHSA-2022:1915-01 Moderate: httpd Bug Fix

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: httpd:2.4 security and bug fix update Advisory ID: RHSA-2022:1915-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1915 Issue date: 2022-05-10 CVE Names: CVE-2020-35452 CVE-2021-33193 CVE-2021-36160 CVE-2021-44224 ==================================================================== 1. Summary: An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193) * httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160) * httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224) * httpd: Single zero byte stack overflow in mod_auth_digest (CVE-2020-35452) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes inthis release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1966724 - CVE-2020-35452 httpd: Single zero byte stack overflow in mod_auth_digest 1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy 1984828 - mod_proxy_hcheck piles up health checks leading to high memory consumption 2001046 - Apache httpd OOME with mod_dav in RHEL 8 2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path 2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations 6. Package List: Red Hat Enterprise Linux AppStream (v.8): Source: httpd-2.4.37-47.module+el8.6.0+14529+083145da.1.src.rpm mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.src.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm aarch64: httpd-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm httpd-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm httpd-debugsource-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm httpd-devel-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm httpd-tools-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm httpd-tools-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm mod_ldap-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm mod_ldap-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_proxy_html-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm mod_proxy_html-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm mod_session-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm mod_session-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm mod_ssl-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm mod_ssl-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64.rpm noarch: httpd-filesystem-2.4.37-47.module+el8.6.0+14529+083145da.1.noarch.rpm httpd-manual-2.4.37-47.module+el8.6.0+14529+083145da.1.noarch.rpm ppc64le: httpd-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm httpd-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm httpd-debugsource-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm httpd-devel-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm httpd-tools-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm httpd-tools-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm mod_ldap-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm mod_ldap-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_proxy_html-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm mod_proxy_html-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm mod_session-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm mod_session-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm mod_ssl-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm mod_ssl-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le.rpm s390x: httpd-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm httpd-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm httpd-debugsource-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm httpd-devel-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm httpd-tools-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm httpd-tools-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm mod_ldap-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm mod_ldap-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_proxy_html-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm mod_proxy_html-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm mod_session-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm mod_session-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm mod_ssl-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm mod_ssl-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.s390x.rpm x86_64: httpd-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm httpd-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm httpd-debugsource-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm httpd-devel-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm httpd-tools-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm httpd-tools-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm mod_ldap-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm mod_ldap-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_proxy_html-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm mod_proxy_html-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm mod_session-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm mod_session-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm mod_ssl-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm mod_ssl-debuginfo-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.References: https://access.redhat.com/security/cve/CVE-2020-35452 https://access.redhat.com/security/cve/CVE-2021-33193 https://access.redhat.com/security/cve/CVE-2021-36160 https://access.redhat.com/security/cve/CVE-2021-44224 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnqRXtzjgjWX9erEAQj4aQ//XPsVETk95gk9J5gSXYdo5X2WgsqmS+nH 5M32OQ19Rv2z0+bJUStI1wf2haa/+LyIXD2nj2LvWr572GUkaUsahbZwy8mCjkh0 XVv9JUeV51Ifel/HUgn3M8I1LENwt0xucOa8lgurhAE7YWfTOJT5PTH73HoSoOIa e9VFeScMaU93on/mtBaUAne+W+3qDPS47/Gml0S9CQDzs0W6qwpg5wqAdJDfqYdS GMRn8U6O3xix4nwb5szdfV176JrO7yytPx6hA2t9ujM8qgQ+FJ/BvBOn7ge+2vb7 fNZfuu6laq5/sd8ScsvRYrs5g4d2PWZZ27fv3RA9B93L/kbtR0rG+nBdfJCGiQuz f3CcZY08HDxy47Xee4UXts0jycukZoGh7ySOfwdbxhgPCOVTme+Vi/aqtjGS+9jz WFgj0T6kBs+f3lyGBNTLcNwGnCPIrNA+GNLMZIOB72RMGrY3K/iC4SNYVr5W5HyT Ae+3Oc1M5/JjxkrVQJXTd/r4YJiBUYuS1klZMSYAobRqv59Kg2NkQ+SYg/7V73kw eflr/kPIOMzdHIqfdmWE9oM2VMwaFg4oF0xJfuY/Oik1OQDyFaZPW0E2joqbCzGn Rye+bwI2+eGav+J42igT0nopp37O5sT+uhMG7Lmk3Wa2Q+t0PzB0UcJDN19mT7v2 +X/1OrMch2A=OXCc -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Routine patch and enhancement release for the httpd:2.4 module has been issued for Red Hat Enterprise Linux 8.. Red Hat Enterprise Linux,httpd module,security update,bug fix,httpd security advisory. . LinuxSecurity.com Team

May 10, 2022 Red Hat

security advisorybuffer overflowRed Hat Enterprise Linux

Red Hat: RHSA-2022:0258-01 Important: httpd Buffer Overflow

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.2 Extended Update Support, and Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: httpd:2.4 security update Advisory ID: RHSA-2022:0258-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0258 Issue date: 2022-01-25 CVE Names: CVE-2021-44790 ==================================================================== 1. Summary: An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.2 Extended Update Support, and Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includesthe changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content 6. Package List: Red Hat Enterprise Linux AppStream EUS (v.8.2): Source: httpd-2.4.37-21.module+el8.2.0+13808+dea277df.3.src.rpm mod_http2-1.11.3-3.module+el8.2.0+7758+84b4ca3e.1.src.rpm mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.src.rpm aarch64: httpd-2.4.37-21.module+el8.2.0+13808+dea277df.3.aarch64.rpm httpd-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.aarch64.rpm httpd-debugsource-2.4.37-21.module+el8.2.0+13808+dea277df.3.aarch64.rpm httpd-devel-2.4.37-21.module+el8.2.0+13808+dea277df.3.aarch64.rpm httpd-tools-2.4.37-21.module+el8.2.0+13808+dea277df.3.aarch64.rpm httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.aarch64.rpm mod_http2-1.11.3-3.module+el8.2.0+7758+84b4ca3e.1.aarch64.rpm mod_http2-debuginfo-1.11.3-3.module+el8.2.0+7758+84b4ca3e.1.aarch64.rpm mod_http2-debugsource-1.11.3-3.module+el8.2.0+7758+84b4ca3e.1.aarch64.rpm mod_ldap-2.4.37-21.module+el8.2.0+13808+dea277df.3.aarch64.rpm mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.aarch64.rpm mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.aarch64.rpm mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.aarch64.rpm mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.aarch64.rpm mod_proxy_html-2.4.37-21.module+el8.2.0+13808+dea277df.3.aarch64.rpm mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.aarch64.rpm mod_session-2.4.37-21.module+el8.2.0+13808+dea277df.3.aarch64.rpm mod_session-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.aarch64.rpm mod_ssl-2.4.37-21.module+el8.2.0+13808+dea277df.3.aarch64.rpm mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.aarch64.rpm noarch: httpd-filesystem-2.4.37-21.module+el8.2.0+13808+dea277df.3.noarch.rpm httpd-manual-2.4.37-21.module+el8.2.0+13808+dea277df.3.noarch.rpm ppc64le: httpd-2.4.37-21.module+el8.2.0+13808+dea277df.3.ppc64le.rpm httpd-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.ppc64le.rpm httpd-debugsource-2.4.37-21.module+el8.2.0+13808+dea277df.3.ppc64le.rpm httpd-devel-2.4.37-21.module+el8.2.0+13808+dea277df.3.ppc64le.rpm httpd-tools-2.4.37-21.module+el8.2.0+13808+dea277df.3.ppc64le.rpm httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.ppc64le.rpm mod_http2-1.11.3-3.module+el8.2.0+7758+84b4ca3e.1.ppc64le.rpm mod_http2-debuginfo-1.11.3-3.module+el8.2.0+7758+84b4ca3e.1.ppc64le.rpm mod_http2-debugsource-1.11.3-3.module+el8.2.0+7758+84b4ca3e.1.ppc64le.rpm mod_ldap-2.4.37-21.module+el8.2.0+13808+dea277df.3.ppc64le.rpm mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.ppc64le.rpm mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.ppc64le.rpm mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.ppc64le.rpm mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.ppc64le.rpm mod_proxy_html-2.4.37-21.module+el8.2.0+13808+dea277df.3.ppc64le.rpm mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.ppc64le.rpm mod_session-2.4.37-21.module+el8.2.0+13808+dea277df.3.ppc64le.rpm mod_session-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.ppc64le.rpm mod_ssl-2.4.37-21.module+el8.2.0+13808+dea277df.3.ppc64le.rpm mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.ppc64le.rpm s390x: httpd-2.4.37-21.module+el8.2.0+13808+dea277df.3.s390x.rpm httpd-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.s390x.rpm httpd-debugsource-2.4.37-21.module+el8.2.0+13808+dea277df.3.s390x.rpm httpd-devel-2.4.37-21.module+el8.2.0+13808+dea277df.3.s390x.rpm httpd-tools-2.4.37-21.module+el8.2.0+13808+dea277df.3.s390x.rpm httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.s390x.rpm mod_http2-1.11.3-3.module+el8.2.0+7758+84b4ca3e.1.s390x.rpm mod_http2-debuginfo-1.11.3-3.module+el8.2.0+7758+84b4ca3e.1.s390x.rpm mod_http2-debugsource-1.11.3-3.module+el8.2.0+7758+84b4ca3e.1.s390x.rpm mod_ldap-2.4.37-21.module+el8.2.0+13808+dea277df.3.s390x.rpm mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.s390x.rpm mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.s390x.rpm mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.s390x.rpm mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.s390x.rpm mod_proxy_html-2.4.37-21.module+el8.2.0+13808+dea277df.3.s390x.rpm mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.s390x.rpm mod_session-2.4.37-21.module+el8.2.0+13808+dea277df.3.s390x.rpm mod_session-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.s390x.rpm mod_ssl-2.4.37-21.module+el8.2.0+13808+dea277df.3.s390x.rpm mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.s390x.rpm x86_64: httpd-2.4.37-21.module+el8.2.0+13808+dea277df.3.x86_64.rpm httpd-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.x86_64.rpm httpd-debugsource-2.4.37-21.module+el8.2.0+13808+dea277df.3.x86_64.rpm httpd-devel-2.4.37-21.module+el8.2.0+13808+dea277df.3.x86_64.rpm httpd-tools-2.4.37-21.module+el8.2.0+13808+dea277df.3.x86_64.rpm httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.x86_64.rpm mod_http2-1.11.3-3.module+el8.2.0+7758+84b4ca3e.1.x86_64.rpm mod_http2-debuginfo-1.11.3-3.module+el8.2.0+7758+84b4ca3e.1.x86_64.rpm mod_http2-debugsource-1.11.3-3.module+el8.2.0+7758+84b4ca3e.1.x86_64.rpm mod_ldap-2.4.37-21.module+el8.2.0+13808+dea277df.3.x86_64.rpm mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.x86_64.rpm mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm mod_proxy_html-2.4.37-21.module+el8.2.0+13808+dea277df.3.x86_64.rpm mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.x86_64.rpm mod_session-2.4.37-21.module+el8.2.0+13808+dea277df.3.x86_64.rpm mod_session-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.x86_64.rpm mod_ssl-2.4.37-21.module+el8.2.0+13808+dea277df.3.x86_64.rpm mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+13808+dea277df.3.x86_64.rpm Red Hat Enterprise Linux AppStream EUS(v.8.4): Source: httpd-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.src.rpm mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.src.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm aarch64: httpd-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.aarch64.rpm httpd-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.aarch64.rpm httpd-debugsource-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.aarch64.rpm httpd-devel-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.aarch64.rpm httpd-tools-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.aarch64.rpm httpd-tools-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.aarch64.rpm mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.aarch64.rpm mod_http2-debuginfo-1.15.7-3.module+el8.4.0+8625+d397f3da.aarch64.rpm mod_http2-debugsource-1.15.7-3.module+el8.4.0+8625+d397f3da.aarch64.rpm mod_ldap-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.aarch64.rpm mod_ldap-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.aarch64.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_proxy_html-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.aarch64.rpm mod_proxy_html-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.aarch64.rpm mod_session-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.aarch64.rpm mod_session-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.aarch64.rpm mod_ssl-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.aarch64.rpm mod_ssl-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.aarch64.rpm noarch: httpd-filesystem-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.noarch.rpm httpd-manual-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.noarch.rpm ppc64le: httpd-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.ppc64le.rpm httpd-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.ppc64le.rpm httpd-debugsource-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.ppc64le.rpm httpd-devel-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.ppc64le.rpm httpd-tools-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.ppc64le.rpm httpd-tools-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.ppc64le.rpm mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.ppc64le.rpm mod_http2-debuginfo-1.15.7-3.module+el8.4.0+8625+d397f3da.ppc64le.rpm mod_http2-debugsource-1.15.7-3.module+el8.4.0+8625+d397f3da.ppc64le.rpm mod_ldap-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.ppc64le.rpm mod_ldap-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.ppc64le.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_proxy_html-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.ppc64le.rpm mod_proxy_html-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.ppc64le.rpm mod_session-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.ppc64le.rpm mod_session-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.ppc64le.rpm mod_ssl-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.ppc64le.rpm mod_ssl-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.ppc64le.rpm s390x: httpd-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.s390x.rpm httpd-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.s390x.rpm httpd-debugsource-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.s390x.rpm httpd-devel-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.s390x.rpm httpd-tools-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.s390x.rpm httpd-tools-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.s390x.rpm mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.s390x.rpm mod_http2-debuginfo-1.15.7-3.module+el8.4.0+8625+d397f3da.s390x.rpm mod_http2-debugsource-1.15.7-3.module+el8.4.0+8625+d397f3da.s390x.rpm mod_ldap-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.s390x.rpm mod_ldap-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.s390x.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_proxy_html-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.s390x.rpm mod_proxy_html-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.s390x.rpm mod_session-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.s390x.rpm mod_session-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.s390x.rpm mod_ssl-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.s390x.rpm mod_ssl-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.s390x.rpm x86_64: httpd-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.x86_64.rpm httpd-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.x86_64.rpm httpd-debugsource-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.x86_64.rpm httpd-devel-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.x86_64.rpm httpd-tools-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.x86_64.rpm httpd-tools-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.x86_64.rpm mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.x86_64.rpm mod_http2-debuginfo-1.15.7-3.module+el8.4.0+8625+d397f3da.x86_64.rpm mod_http2-debugsource-1.15.7-3.module+el8.4.0+8625+d397f3da.x86_64.rpm mod_ldap-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.x86_64.rpm mod_ldap-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.x86_64.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_proxy_html-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.x86_64.rpm mod_proxy_html-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.x86_64.rpm mod_session-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.x86_64.rpm mod_session-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.x86_64.rpm mod_ssl-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.x86_64.rpm mod_ssl-debuginfo-2.4.37-39.module+el8.4.0+13807+c8c001ae.3.x86_64.rpm Red Hat Enterprise Linux AppStream (v.8): Source: httpd-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.src.rpm mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.src.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm aarch64: httpd-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.aarch64.rpm httpd-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.aarch64.rpm httpd-debugsource-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.aarch64.rpm httpd-devel-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.aarch64.rpm httpd-tools-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.aarch64.rpm httpd-tools-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.aarch64.rpm mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.aarch64.rpm mod_http2-debuginfo-1.15.7-3.module+el8.4.0+8625+d397f3da.aarch64.rpm mod_http2-debugsource-1.15.7-3.module+el8.4.0+8625+d397f3da.aarch64.rpm mod_ldap-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.aarch64.rpm mod_ldap-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.aarch64.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_proxy_html-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.aarch64.rpm mod_proxy_html-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.aarch64.rpm mod_session-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.aarch64.rpm mod_session-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.aarch64.rpm mod_ssl-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.aarch64.rpm mod_ssl-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.aarch64.rpm noarch: httpd-filesystem-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.noarch.rpm httpd-manual-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.noarch.rpm ppc64le: httpd-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.ppc64le.rpm httpd-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.ppc64le.rpm httpd-debugsource-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.ppc64le.rpm httpd-devel-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.ppc64le.rpm httpd-tools-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.ppc64le.rpm httpd-tools-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.ppc64le.rpm mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.ppc64le.rpm mod_http2-debuginfo-1.15.7-3.module+el8.4.0+8625+d397f3da.ppc64le.rpm mod_http2-debugsource-1.15.7-3.module+el8.4.0+8625+d397f3da.ppc64le.rpm mod_ldap-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.ppc64le.rpm mod_ldap-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.ppc64le.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_proxy_html-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.ppc64le.rpm mod_proxy_html-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.ppc64le.rpm mod_session-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.ppc64le.rpm mod_session-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.ppc64le.rpm mod_ssl-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.ppc64le.rpm mod_ssl-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.ppc64le.rpm s390x: httpd-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.s390x.rpm httpd-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.s390x.rpm httpd-debugsource-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.s390x.rpm httpd-devel-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.s390x.rpm httpd-tools-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.s390x.rpm httpd-tools-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.s390x.rpm mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.s390x.rpm mod_http2-debuginfo-1.15.7-3.module+el8.4.0+8625+d397f3da.s390x.rpm mod_http2-debugsource-1.15.7-3.module+el8.4.0+8625+d397f3da.s390x.rpm mod_ldap-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.s390x.rpm mod_ldap-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.s390x.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_proxy_html-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.s390x.rpm mod_proxy_html-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.s390x.rpm mod_session-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.s390x.rpm mod_session-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.s390x.rpm mod_ssl-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.s390x.rpm mod_ssl-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.s390x.rpm x86_64: httpd-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.x86_64.rpm httpd-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.x86_64.rpm httpd-debugsource-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.x86_64.rpm httpd-devel-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.x86_64.rpm httpd-tools-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.x86_64.rpm httpd-tools-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.x86_64.rpm mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.x86_64.rpm mod_http2-debuginfo-1.15.7-3.module+el8.4.0+8625+d397f3da.x86_64.rpm mod_http2-debugsource-1.15.7-3.module+el8.4.0+8625+d397f3da.x86_64.rpm mod_ldap-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.x86_64.rpm mod_ldap-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.x86_64.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_proxy_html-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.x86_64.rpm mod_proxy_html-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.x86_64.rpm mod_session-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.x86_64.rpm mod_session-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.x86_64.rpm mod_ssl-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.x86_64.rpm mod_ssl-debuginfo-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-44790 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details athttps://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYfAw7tzjgjWX9erEAQjh2hAAn/fG6zFBtG2vXNtKUizJJ6uwLfr6Je31 4DTY+/QoUb01R9K6D4UDrYt7TE1yllQHsBzgfACeul2Jn0M24izXwd4gTxsp4sNT V89KczmnKFm3yXcsD9gCXw2bGwqmc4GEla7/jTYUdZMfWIAOR7yubqEAQfoYgz2d +yUWavRc9mGxylQ8iT+QW4BqxlbBNhKNiTJOp0UC9AjmjNg0+3+1UEpY8ntShLpS c2YfYbzbyVA161GhT/8oRWJDwwUSWeh2kDGMIFFful5/brh21bggNSl5jv6TXaUv bZ0Ad22EOt5HbK+0XmiUqZnX4vgvlcR3Jl/5iMa+V+QFhcLLVjx5JwiyzLjyZhEe Rs2VX7VWvYZRlpk13dbcELOwNrWmsJiM1I6TEqknUjXWAApGUAs4rnz55B57xBRK wrkTYnRQtIm7Dm/ozmxFcRRYK/kmG1hz70KIOrwYaMsfSOmLUfh2lDR1If3zS1xp BL4hDdXKU6juGRYcB9e4Ib8ZeufgWC76tyal3Sd612btti5AxqBt4vU56PZ0iD5V e4o2XpN29QnZdhY34M6Kgqn/nSn0cCsQs4M8Utb641nkuZ1mr8rEE79gqtNRLrqa oNWjJx4W37cdRdykDDtAJfbmu40kAEJdQW2WsA0LLGghFMFSHRCMggM47GDxGgAI CnEhDLKT44Q=5/ta -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Important security alert for httpd:2.4 on Red Hat Enterprise Linux tackling a potential buffer overflow threat.. Red Hat Enterprise Linux,httpd module,security advisory. . Severity: Important. LinuxSecurity.com Team

Jan 25, 2022 •Important Red Hat

security advisorysecurity issueupdate

RedHat: RHSA-2021-4257 Moderate: httpd:2.4 Security Update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: httpd:2.4 security, bug fix, and enhancement update Advisory ID: RHSA-2021:4257-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4257 Issue date: 2021-11-09 CVE Names: CVE-2021-26690 CVE-2021-30641 ==================================================================== 1. Summary: An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: mod_session: NULL pointer dereference when parsing Cookie header (CVE-2021-26690) * httpd: Unexpected URL matching with 'MergeSlashes OFF' (CVE-2021-30641) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1905613 - mod_ssl does not like valid certificate chain 1934741 - Apache trademark update - new logo 1935742 - [RFE] backport samesite/httponly/secure flags for usertrack 1937334 - SSLProtocol with based virtual hosts 1952557 - mod_proxy_wstunnel.html is a malformed XML 1966729 - CVE-2021-26690 httpd: mod_session: NULL pointer dereference when parsing Cookie header 1966743 - CVE-2021-30641 httpd: Unexpected URL matching with 'MergeSlashes OFF' 6. Package List: Red Hat Enterprise Linux AppStream (v.8): Source: httpd-2.4.37-41.module+el8.5.0+11772+c8e0c271.src.rpm mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.src.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm aarch64: httpd-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm httpd-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm httpd-debugsource-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm httpd-devel-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm httpd-tools-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm httpd-tools-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.aarch64.rpm mod_http2-debuginfo-1.15.7-3.module+el8.4.0+8625+d397f3da.aarch64.rpm mod_http2-debugsource-1.15.7-3.module+el8.4.0+8625+d397f3da.aarch64.rpm mod_ldap-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm mod_ldap-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_proxy_html-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm mod_proxy_html-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm mod_session-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm mod_session-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm mod_ssl-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm mod_ssl-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm noarch: httpd-filesystem-2.4.37-41.module+el8.5.0+11772+c8e0c271.noarch.rpm httpd-manual-2.4.37-41.module+el8.5.0+11772+c8e0c271.noarch.rpm ppc64le: httpd-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm httpd-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm httpd-debugsource-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm httpd-devel-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm httpd-tools-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm httpd-tools-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.ppc64le.rpm mod_http2-debuginfo-1.15.7-3.module+el8.4.0+8625+d397f3da.ppc64le.rpm mod_http2-debugsource-1.15.7-3.module+el8.4.0+8625+d397f3da.ppc64le.rpm mod_ldap-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm mod_ldap-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_proxy_html-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm mod_proxy_html-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm mod_session-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm mod_session-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm mod_ssl-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm mod_ssl-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm s390x: httpd-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm httpd-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm httpd-debugsource-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm httpd-devel-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm httpd-tools-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm httpd-tools-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.s390x.rpm mod_http2-debuginfo-1.15.7-3.module+el8.4.0+8625+d397f3da.s390x.rpm mod_http2-debugsource-1.15.7-3.module+el8.4.0+8625+d397f3da.s390x.rpm mod_ldap-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm mod_ldap-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_proxy_html-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm mod_proxy_html-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm mod_session-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm mod_session-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm mod_ssl-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm mod_ssl-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm x86_64: httpd-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm httpd-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm httpd-debugsource-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm httpd-devel-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm httpd-tools-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm httpd-tools-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.x86_64.rpm mod_http2-debuginfo-1.15.7-3.module+el8.4.0+8625+d397f3da.x86_64.rpm mod_http2-debugsource-1.15.7-3.module+el8.4.0+8625+d397f3da.x86_64.rpm mod_ldap-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm mod_ldap-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_proxy_html-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm mod_proxy_html-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm mod_session-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm mod_session-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm mod_ssl-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm mod_ssl-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-26690 https://access.redhat.com/security/cve/CVE-2021-30641 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/8.5_release_notes/index 8. Contact: The Red Hat security contact is . Morecontact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYYrer9zjgjWX9erEAQidnxAAljIz0c1qtUxP9lnANeO/5Dkx3XhX1VaN sOO/DRmelj7YeHeelF1HfX3lTfRXZ22/rSzV/EbCMhnRYheTpKq5kCmCanqRmHvo F3CVF2c9wbPpi6b/ww+VzdF4RuhWSY7ZN+oOT8P8rxtX9GcmQ9lYB+HF/BAKVPB7 BHWcJ9eK+wenF931qT6Tg00dfWLJdwEeefZOw1G0VeeUdw4S420LYNM0DHA10HiC 58mzqQMCh2lJ4nlMlK5BHWcTOm0J6AJkoHNrDWHvyAdbtKmK6wgRiSx5WMRmhTin RgXchqrR52GwZwrCCkXhXzMhZ2Ps7G1hgPLXguApDP2AGDFQ/YlTMAImMBGwZw8i jwMq8BL785q4FRKrgCjM0iNBoGYW5rkBtJbiSPeiBuE0VF8ryDp8uwTsREaw/Ybk xKw5kry6Cj2Kl1kuvEI7Px9oFh5Wz1ZImfUaUP+GYDFwUmHdmMZj+bzwGQF21B1M IRpnQH1A8LGF73FWrPX7UBUmzstRadxfbtLXdeOnxxooXbCTwRS4afz4JkZubEZ6 XhrOCJsTM6idFd6NTMYT8f+UhoSojMvqrP27oi4DhiJw4T9Qh5qV0sp3v4+UwD0b VXWRUvWSRk3pVgDPVnhlnK1Ga9GFG5hg0TMo3ssqjq0PknJWcaSIEoFsOkuGxa4t F+wizQuyFY4=Bqs/ -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Important update notice for Red Hat's httpd:2.4 module, featuring critical bug resolutions and performance improvements aimed at Enterprise Linux 8 users.. Red Hat Security, httpd module update, Linux vulnerability management. . Severity: Important. LinuxSecurity.com Team

Nov 09, 2021 •Important Red Hat

security advisoryred hat enterprise linuximportant update

Red Hat Enterprise Linux 8.1: RHSA-2021-3837-01 Important SSRF Fix

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: httpd:2.4 security update Advisory ID: RHSA-2021:3837-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3837 Issue date: 2021-10-13 CVE Names: CVE-2021-40438 ==================================================================== 1. Summary: An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" (CVE-2021-40438) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 2005117 - CVE-2021-40438 httpd: mod_proxy:SSRF via a crafted request uri-path containing "unix:" 6. Package List: Red Hat Enterprise Linux AppStream EUS (v.8.1): Source: httpd-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.src.rpm mod_http2-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.src.rpm aarch64: httpd-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aarch64.rpm httpd-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aarch64.rpm httpd-debugsource-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aarch64.rpm httpd-devel-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aarch64.rpm httpd-tools-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aarch64.rpm httpd-tools-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aarch64.rpm mod_http2-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.aarch64.rpm mod_http2-debuginfo-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.aarch64.rpm mod_http2-debugsource-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.aarch64.rpm mod_ldap-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aarch64.rpm mod_ldap-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aarch64.rpm mod_md-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aarch64.rpm mod_md-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aarch64.rpm mod_proxy_html-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aarch64.rpm mod_proxy_html-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aarch64.rpm mod_session-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aarch64.rpm mod_session-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aarch64.rpm mod_ssl-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aarch64.rpm mod_ssl-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aarch64.rpm noarch: httpd-filesystem-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.noarch.rpm httpd-manual-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.noarch.rpm ppc64le: httpd-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.ppc64le.rpm httpd-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.ppc64le.rpm httpd-debugsource-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.ppc64le.rpm httpd-devel-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.ppc64le.rpm httpd-tools-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.ppc64le.rpm httpd-tools-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.ppc64le.rpm mod_http2-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.ppc64le.rpm mod_http2-debuginfo-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.ppc64le.rpm mod_http2-debugsource-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.ppc64le.rpm mod_ldap-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.ppc64le.rpm mod_ldap-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.ppc64le.rpm mod_md-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.ppc64le.rpm mod_md-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.ppc64le.rpm mod_proxy_html-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.ppc64le.rpm mod_proxy_html-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.ppc64le.rpm mod_session-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.ppc64le.rpm mod_session-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.ppc64le.rpm mod_ssl-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.ppc64le.rpm mod_ssl-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.ppc64le.rpm s390x: httpd-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.s390x.rpm httpd-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.s390x.rpm httpd-debugsource-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.s390x.rpm httpd-devel-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.s390x.rpm httpd-tools-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.s390x.rpm httpd-tools-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.s390x.rpm mod_http2-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.s390x.rpm mod_http2-debuginfo-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.s390x.rpm mod_http2-debugsource-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.s390x.rpm mod_ldap-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.s390x.rpm mod_ldap-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.s390x.rpm mod_md-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.s390x.rpm mod_md-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.s390x.rpm mod_proxy_html-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.s390x.rpm mod_proxy_html-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.s390x.rpm mod_session-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.s390x.rpm mod_session-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.s390x.rpm mod_ssl-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.s390x.rpm mod_ssl-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.s390x.rpm x86_64: httpd-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.x86_64.rpm httpd-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.x86_64.rpm httpd-debugsource-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.x86_64.rpm httpd-devel-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.x86_64.rpm httpd-tools-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.x86_64.rpm httpd-tools-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.x86_64.rpm mod_http2-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.x86_64.rpm mod_http2-debuginfo-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.x86_64.rpm mod_http2-debugsource-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.x86_64.rpm mod_ldap-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.x86_64.rpm mod_ldap-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.x86_64.rpm mod_md-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.x86_64.rpm mod_md-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.x86_64.rpm mod_proxy_html-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.x86_64.rpm mod_proxy_html-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.x86_64.rpm mod_session-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.x86_64.rpm mod_session-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.x86_64.rpm mod_ssl-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.x86_64.rpm mod_ssl-debuginfo-2.4.37-16.module+el8.1.0+12900+7e6e5641.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-40438 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYWaJOdzjgjWX9erEAQjH/A/+IjMnqiKvR2A7TcoHRIQHZQypW285erab 41zwx6MsxDMkjShjDE49ESB4qEuuC1wJ7rGkiKtYUwjIOjf4CDAHMDxFcAmw7pCj 366W0iziBrs8Pgl0/wFIni5X/bEyKUJQowz5o7GF28WhtxFW/ZeRHFwDbd2hbIRl y6aLVqw+gn0RzK5BG3hGL6k2wgCIvf+3snamJrN60rnfFeVVvzjmE+G8A0yKrUsC QWz8d46BWz7aaH349cGfSvifbBZuwlK26A8VTt+tDfPd+6U/0qz7iFIa5oekWA5N BjDEI1u8vaR5Bg36nt+9sDuErGfqEnhLwBWMorKZ3nbUhPs9qHArbYxriXwHhH5g 21DU/Xo5nK8rHEQatkK8UmCZiG6tblOS0BWpbSq/ep/7gdGnqkFDoPidfVkjn8sd 9Rq5qEVnGWwcy5KBwzzE2DkfYCFlnZw4/P/VhbZiZGS9UT5MIkHXGzHMmgwB9RGm KSx3Ni5L7cWaKWTtOvzqSsF6skOuGTGOrg+dL6dE/MXocQdBpwDx4M2bOR7ZyQnS ncgP1kbp+mPHwi6EIsE9GSYqDhBFogStn3hyGmFUZjX1AiH6h031ynscV0IEeuHg cuIgy9Sjt0gprzwxdzFSOzNoGaUUC5/M5UHqjnCQIm5N1Nd187lwQmN6IUsD0jjJ UxmNeLWcjWo=Ucp3 -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . The httpd:2.4 module has received a critical update to address SSRF vulnerabilities, classified as High Priority by Red Hat for Red Hat Enterprise Linux.. httpd Security Update, Red Hat Security Advisory, SSRF Threat Update. . Severity: Important. LinuxSecurity.com Team

Oct 13, 2021 •Important Red Hat

Community Poll

More Polls

Stay Secure with the Latest Linux Advisories

openSUSE Chromedriver Moderate Security Issues Fixed 2026-10958-1

openSUSE Tumbleweed libmozjs Moderate Update CVE-2025-70103

openSUSE Tumbleweed Perl HTML Parser Moderate CVE-2026-8829 Advisory

openSUSE Tumbleweed kernel-devel Moderate Security Issue 2026-10954-1

openSUSE Tumbleweed Gleam Moderate Threat Fixed 2026-10953-1

Ubuntu 25.10 Systemd Critical Arbitrary Code Exec DNS Issues USN-8402-1

openSUSE Epiphany Important Password Handling Issue CVE-2023-26081

Ubuntu 26.04 LTS 8399-1 Pillow Denial of Service Risk CVE-2026-42308

Ubuntu 26.04 LTS Poppler Critical DoS Code Execution Vuln USN-8400-1

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

Red Hat Enterprise Linux 8.2: RHSA-2023:1672-01 Critical: Httpd Request Splitting

RedHat 8.4: RHSA-2023-1596-01 Important: httpd HTTP Request Splitting

Red Hat 8.1 RHSA-2023:1547-01 Important HTTPD Security Threat

Red Hat Enterprise Linux 8: RHSA-2023-0852-01 moderate update for httpd

Red Hat Enterprise Linux 8 RHSA-2022:1915-01 Moderate: httpd Bug Fix

Red Hat: RHSA-2022:0258-01 Important: httpd Buffer Overflow

RedHat: RHSA-2021-4257 Moderate: httpd:2.4 Security Update

Red Hat Enterprise Linux 8.1: RHSA-2021-3837-01 Important SSRF Fix

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

openSUSE Chromedriver Moderate Security Issues Fixed 2026-10958-1

openSUSE Tumbleweed libmozjs Moderate Update CVE-2025-70103

openSUSE Tumbleweed Perl HTML Parser Moderate CVE-2026-8829 Advisory

openSUSE Tumbleweed kernel-devel Moderate Security Issue 2026-10954-1

openSUSE Tumbleweed Gleam Moderate Threat Fixed 2026-10953-1

Ubuntu 25.10 Systemd Critical Arbitrary Code Exec DNS Issues USN-8402-1

openSUSE Epiphany Important Password Handling Issue CVE-2023-26081

Ubuntu 26.04 LTS 8399-1 Pillow Denial of Service Risk CVE-2026-42308

Ubuntu 26.04 LTS Poppler Critical DoS Code Execution Vuln USN-8400-1

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!