Oracle Linux Security Advisory ELSA-2024-4197
http://linux.oracle.com/errata/ELSA-2024-4197.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
httpd-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.x86_64.rpm
httpd-devel-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.x86_64.rpm
httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.noarch.rpm
httpd-manual-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.noarch.rpm
httpd-tools-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.x86_64.rpm
mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.x86_64.rpm
mod_ldap-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.x86_64.rpm
mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.x86_64.rpm
mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.x86_64.rpm
mod_session-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.x86_64.rpm
mod_ssl-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.x86_64.rpm

aarch64:
httpd-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.aarch64.rpm
httpd-devel-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.aarch64.rpm
httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.noarch.rpm
httpd-manual-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.noarch.rpm
httpd-tools-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.aarch64.rpm
mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.aarch64.rpm
mod_ldap-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.aarch64.rpm
mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.aarch64.rpm
mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.aarch64.rpm
mod_session-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.aarch64.rpm
mod_ssl-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//httpd-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.src.rpm

Related CVEs:
CVE-2023-38709

Description of changes:

httpd
[2.4.37-65.0.1]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-65]
- Resolves: RHEL-31857 - httpd:2.4/httpd: HTTP response splitting (CVE-2023-38709)

mod_http2
[1.15.7-10]
- Resolves: RHEL-29817 - httpd:2.4/mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316)

[1.15.7-9.3]
- Resolves: RHEL-13367 - httpd:2.4/mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487) (CVE-2023-45802)

[1.15.7-8.3]
- Resolves: #2177748 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting with mod_rewrite and mod_proxy

[1.15.7-7]
- Resolves: #2095650 - Dependency from mod_http2 on httpd broken

[1.15.7-6]
- Backport SNI feature refactor
- Resolves: rhbz#2137257

[1.15.7-5]
- Resolves: #2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference or SSRF in forward proxy configurations

[1.15.7-4]
- Resolves: #1966728 - CVE-2021-33193 httpd:2.4/mod_http2: httpd: Request splitting via HTTP/2 method injection and mod_proxy

[1.15.7-3]
- Resolves: #1869077 - CVE-2020-11993 httpd:2.4/mod_http2: httpd: mod_http2 concurrent pool usage

[1.15.7-2]
- Resolves: #1869073 - CVE-2020-9490 httpd:2.4/mod_http2: httpd: Push diary crash on specifically crafted HTTP/2 header

[1.15.7-1]
- new version 1.15.7
- Resolves: #1814236 - RFE: mod_http2 rebase
- Resolves: #1747289 - CVE-2019-10082 httpd:2.4/mod_http2: httpd: read-after-free in h2 connection shutdown
- Resolves: #1696099 - CVE-2019-0197 httpd:2.4/mod_http2: httpd: mod_http2: possible crash on late upgrade
- Resolves: #1696094 - CVE-2019-0196 httpd:2.4/mod_http2: httpd: mod_http2: read-after-free on a string compare
- Resolves: #1677591 - CVE-2018-17189 httpd:2.4/mod_http2: httpd: mod_http2: DoS via slow, unneeded request bodies

[1.11.3-3]
- Resolves: #1744999 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount of data request leads to denial of service
- Resolves: #1745086 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length headers leads to denial of service
- Resolves: #1745154 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request for large response leads to denial of service

[1.11.3-2]
- update release (#1695587)

[1.11.3-1]
- new version 1.11.3
- Resolves: #1633401 - CVE-2018-11763 mod_http2: httpd: DoS for HTTP/2 connections by continuous SETTINGS

[1.10.20-1]
- update to 1.10.20

[1.10.18-1]
- update to 1.10.18

[1.10.16-1]
- update to 1.10.16 (CVE-2018-1302)

[1.10.13-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[1.10.13-1]
- update to 1.10.13

[1.10.12-1]
- update to 1.10.12

[1.10.10-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[1.10.10-1]
- update to 1.10.10

[1.10.7-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[1.10.7-1]
- update to 1.10.7

[1.10.6-1]
- update to 1.10.6

[1.10.5-1]
- update to 1.10.5

[1.10.1-1]
- Initial import (#1440780).

mod_md

_______________________________________________
El-errata mailing list
SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:4184-1
Container Tags        : suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.4 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.4
Container Release     : 9.43.4
Severity              : moderate
Type                  : security
References            : 1217592 CVE-2023-49083
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4843-1
Released:    Thu Dec 14 12:22:44 2023
Summary:     Security update for python3-cryptography
Type:        security
Severity:    moderate
References:  1217592,CVE-2023-49083

This update for python3-cryptography fixes the following issues:

- CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592).

The following package changes have been done:

- python3-cryptography-3.3.2-150400.23.1 updated

LinuxSecurity.com Team
====================================================================
Red Hat Security Advisory

Synopsis:     Important: httpd:2.4 security update
Advisory ID:  RHSA-2023:1597-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1597
Issue date:   2023-04-04
CVE Names:    CVE-2023-25690
====================================================================

1. Summary:

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:
httpd-2.4.37-47.module+el8.6.0+18507+843660a1.4.src.rpm
mod_http2-1.15.7-5.module+el8.6.0+18506+34b194fb.2.src.rpm
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm

aarch64:
httpd-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm
httpd-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm
httpd-debugsource-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm
httpd-devel-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm
httpd-tools-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm
httpd-tools-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm
mod_http2-1.15.7-5.module+el8.6.0+18506+34b194fb.2.aarch64.rpm
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+18506+34b194fb.2.aarch64.rpm
mod_http2-debugsource-1.15.7-5.module+el8.6.0+18506+34b194fb.2.aarch64.rpm
mod_ldap-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm
mod_ldap-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm
mod_proxy_html-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm
mod_proxy_html-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm
mod_session-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm
mod_session-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm
mod_ssl-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm
mod_ssl-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm

noarch:
httpd-filesystem-2.4.37-47.module+el8.6.0+18507+843660a1.4.noarch.rpm
httpd-manual-2.4.37-47.module+el8.6.0+18507+843660a1.4.noarch.rpm

ppc64le:
httpd-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm
httpd-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm
httpd-debugsource-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm
httpd-devel-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm
httpd-tools-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm
httpd-tools-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm
mod_http2-1.15.7-5.module+el8.6.0+18506+34b194fb.2.ppc64le.rpm
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+18506+34b194fb.2.ppc64le.rpm
mod_http2-debugsource-1.15.7-5.module+el8.6.0+18506+34b194fb.2.ppc64le.rpm
mod_ldap-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm
mod_ldap-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm
mod_proxy_html-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm
mod_proxy_html-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm
mod_session-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm
mod_session-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm
mod_ssl-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm
mod_ssl-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm

s390x:
httpd-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm
httpd-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm
httpd-debugsource-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm
httpd-devel-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm
httpd-tools-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm
httpd-tools-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm
mod_http2-1.15.7-5.module+el8.6.0+18506+34b194fb.2.s390x.rpm
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+18506+34b194fb.2.s390x.rpm
mod_http2-debugsource-1.15.7-5.module+el8.6.0+18506+34b194fb.2.s390x.rpm
mod_ldap-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm
mod_ldap-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm
mod_proxy_html-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm
mod_proxy_html-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm
mod_session-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm
mod_session-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm
mod_ssl-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm
mod_ssl-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm

x86_64:
httpd-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm
httpd-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm
httpd-debugsource-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm
httpd-devel-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm
httpd-tools-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm
httpd-tools-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm
mod_http2-1.15.7-5.module+el8.6.0+18506+34b194fb.2.x86_64.rpm
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+18506+34b194fb.2.x86_64.rpm
mod_http2-debugsource-1.15.7-5.module+el8.6.0+18506+34b194fb.2.x86_64.rpm
mod_ldap-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm
mod_ldap-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm
mod_proxy_html-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm
mod_proxy_html-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm
mod_session-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm
mod_session-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm
mod_ssl-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm
mod_ssl-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-25690
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list
Oracle Linux Security Advisory ELSA-2023-0852
https://linux.oracle.com/errata/ELSA-2023-0852.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
httpd-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm
httpd-devel-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm
httpd-filesystem-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm
httpd-manual-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm
httpd-tools-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm
mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.x86_64.rpm
mod_ldap-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm
mod_proxy_html-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm
mod_session-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm
mod_ssl-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm

aarch64:
httpd-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm
httpd-devel-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm
httpd-filesystem-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm
httpd-manual-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm
httpd-tools-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm
mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.aarch64.rpm
mod_ldap-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpm
mod_proxy_html-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm
mod_session-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm
mod_ssl-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm

SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates//httpd-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm

Related CVEs:
CVE-2006-20001
CVE-2022-36760
CVE-2022-37436

Description of changes:

httpd
[2.4.37-51.0.1.1]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-51.1]
- Resolves: #2165967 - prevent sscg creating /dhparams.pem
- Resolves: #2165976 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte
- Resolves: #2165977 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2165978 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling

_______________________________________________
El-errata mailing list
SUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2815-2
Rating:             moderate
References:         #1016715 #1104826
Cross-References:   CVE-2016-4975 CVE-2016-8743
Affected Products:  SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for apache2 fixes the following issues:

Security issues fixed:

- CVE-2016-8743: Fixed liberal whitespace interpretation accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. (bsc#1016715)

- CVE-2016-4975: Fixed possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes which prohibit CR or LF injection into the "Location" or other outbound header key or value. (bsc#1104826)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1970=1

Package List:

- SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
  apache2-doc-2.4.23-29.24.1

- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
  apache2-2.4.23-29.24.1
  apache2-debuginfo-2.4.23-29.24.1
  apache2-debugsource-2.4.23-29.24.1
  apache2-example-pages-2.4.23-29.24.1
  apache2-prefork-2.4.23-29.24.1
  apache2-prefork-debuginfo-2.4.23-29.24.1
  apache2-utils-2.4.23-29.24.1
  apache2-utils-debuginfo-2.4.23-29.24.1
  apache2-worker-2.4.23-29.24.1
  apache2-worker-debuginfo-2.4.23-29.24.1

References:

https://www.suse.com/security/cve/CVE-2016-4975.html
https://www.suse.com/security/cve/CVE-2016-8743.html
https://bugzilla.suse.com/1016715
https://bugzilla.suse.com/1104826

_______________________________________________
sle-security-updates mailing list
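The two apache2 fixes above describe the same defensive rule from both sides of a proxy chain: parse inbound request lines and headers with no whitespace tolerance, and never let a CR or LF reach an outbound header. The following Python is an added example written for this page (it is not SUSE's or the apache2 project's code); it implements that strict framing in a small, self-contained form, and the sample lines it checks are constructed.

```python
"""Strict HTTP/1.1 framing checks of the kind the two apache2 fixes describe:
reject liberal whitespace in request lines and headers (CVE-2016-8743) and
refuse CR/LF in outbound header names and values (CVE-2016-4975)."""
import re

# Token characters from RFC 7230 section 3.2.6.
_TCHAR = r"!#$%&'*+\-.^_`|~0-9A-Za-z"
_TOKEN = re.compile(rf"[{_TCHAR}]+")
# Exactly one SP between the three request-line parts; no tabs, no extra spaces.
_REQUEST_LINE = re.compile(
    rf"(?P<method>[{_TCHAR}]+) (?P<target>[\x21-\x7e]+) (?P<version>HTTP/[0-9]\.[0-9])"
)
# The name must be a token and the colon must follow it immediately (no space before it).
_HEADER_LINE = re.compile(rf"(?P<name>[{_TCHAR}]+):[ \t]*(?P<value>.*?)[ \t]*")
# field-content may hold VCHAR, obs-text (0x80-0xFF), SP and HTAB but never CR, LF or NUL.
_FIELD_CONTENT = re.compile(r"[\t\x20-\x7e\x80-\xff]*")


class HttpSyntaxError(ValueError):
    """Raised for any line the strict grammar does not accept."""


def _line_body(raw: str) -> str:
    """Strip the CRLF terminator and reject a bare CR or bare LF inside the line."""
    if not raw.endswith("\r\n"):
        raise HttpSyntaxError(f"line not terminated by CRLF: {raw!r}")
    body = raw[:-2]
    if "\r" in body or "\n" in body:
        raise HttpSyntaxError(f"bare CR or LF inside line: {raw!r}")
    return body


def parse_request_line(raw: str) -> tuple[str, str, str]:
    """Parse 'METHOD SP target SP HTTP/x.y CRLF' with no whitespace tolerance."""
    m = _REQUEST_LINE.fullmatch(_line_body(raw))
    if m is None:
        raise HttpSyntaxError(f"malformed request line: {raw!r}")
    return m.group("method"), m.group("target"), m.group("version")


def parse_header_line(raw: str) -> tuple[str, str]:
    """Parse 'name: value CRLF'. Optional whitespace around the value is stripped,
    but whitespace between the name and the colon is an error."""
    m = _HEADER_LINE.fullmatch(_line_body(raw))
    if m is None:
        raise HttpSyntaxError(f"malformed header line: {raw!r}")
    value = m.group("value")
    if not _FIELD_CONTENT.fullmatch(value):
        raise HttpSyntaxError(f"forbidden control character in header: {raw!r}")
    return m.group("name"), value


def serialize_response_header(name: str, value: str) -> str:
    """Serialize an outbound header only if neither part can split the response:
    the name must be a token and the value must contain no CR, LF or NUL."""
    if not _TOKEN.fullmatch(name):
        raise HttpSyntaxError(f"header name is not a token: {name!r}")
    if not _FIELD_CONTENT.fullmatch(value):
        raise HttpSyntaxError(f"header value contains a forbidden character: {value!r}")
    return f"{name}: {value}\r\n"


def audit_lines(lines: list[str], parser) -> list[tuple[str, bool]]:
    """Run a parser over sample lines and report which ones the strict grammar accepts."""
    results = []
    for line in lines:
        try:
            parser(line)
            results.append((line, True))
        except HttpSyntaxError:
            results.append((line, False))
    return results


# Constructed sample lines (not taken from any advisory or capture).
SAMPLE_REQUEST_LINES = [
    "GET /index.html HTTP/1.1\r\n",    # valid
    "GET  /index.html HTTP/1.1\r\n",   # two spaces: rejected
    "GET\t/index.html HTTP/1.1\r\n",   # tab separator: rejected
    "GET /index.html HTTP/1.1\n",      # bare LF terminator: rejected
    "GET /index.html HTTP/1.1\r\r\n",  # stray CR inside the line: rejected
]
SAMPLE_HEADER_LINES = [
    "Host: example.test\r\n",          # valid
    "Host : example.test\r\n",         # space before the colon: rejected
    "Host:example.test\r\n",           # no whitespace after the colon: still valid
    "X-Note: a\x00b\r\n",              # NUL in the value: rejected
]

if __name__ == "__main__":
    for line, ok in audit_lines(SAMPLE_REQUEST_LINES, parse_request_line):
        print("accept" if ok else "reject", repr(line))
    for line, ok in audit_lines(SAMPLE_HEADER_LINES, parse_header_line):
        print("accept" if ok else "reject", repr(line))
    print(repr(serialize_response_header("Location", "/~alice/")))
```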
====================================================================
Red Hat Security Advisory

Synopsis:     Important: httpd security update
Advisory ID:  RHSA-2009:1156-01
Product:      Red Hat Application Stack
Advisory URL: https://access.redhat.com/errata/RHSA-2009:1156.html
Issue date:   2009-07-14
CVE Names:    CVE-2009-1195 CVE-2009-1890 CVE-2009-1891
====================================================================

1. Summary:

Updated httpd packages that fix multiple security issues are now available for Red Hat Application Stack v2.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v2 for Enterprise Linux (v.5) - i386, x86_64

3. Description:

The Apache HTTP Server is a popular Web server.

A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. (CVE-2009-1890)

A denial of service flaw was found in the Apache mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)

A flaw was found in the handling of the "Options" and "AllowOverride" directives used by the Apache HTTP Server. In configurations using the "AllowOverride" directive with certain "Options=" arguments, local users were not restricted from executing commands from a Server-Side-Include script as intended. (CVE-2009-1195)

All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

489436 - CVE-2009-1195 AllowOverride Options=IncludesNoExec allows Options Includes
509125 - CVE-2009-1891 httpd: possible temporary DoS (CPU consumption) in mod_deflate
509375 - CVE-2009-1890 httpd: mod_proxy reverse proxy DoS (infinite loop)

6. Package List:

Red Hat Application Stack v2 for Enterprise Linux (v.5):

Source:

i386:
httpd-2.2.11-3.el5s2.i386.rpm
httpd-debuginfo-2.2.11-3.el5s2.i386.rpm
httpd-devel-2.2.11-3.el5s2.i386.rpm
httpd-manual-2.2.11-3.el5s2.i386.rpm
mod_ssl-2.2.11-3.el5s2.i386.rpm

x86_64:
httpd-2.2.11-3.el5s2.x86_64.rpm
httpd-debuginfo-2.2.11-3.el5s2.i386.rpm
httpd-debuginfo-2.2.11-3.el5s2.x86_64.rpm
httpd-devel-2.2.11-3.el5s2.i386.rpm
httpd-devel-2.2.11-3.el5s2.x86_64.rpm
httpd-manual-2.2.11-3.el5s2.x86_64.rpm
mod_ssl-2.2.11-3.el5s2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2009-1195
https://www.cve.org/CVERecord?id=CVE-2009-1890
https://www.cve.org/CVERecord?id=CVE-2009-1891
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2009 Red Hat, Inc.

--
Enterprise-watch-list mailing list
====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: httpd security update
Advisory ID:  RHSA-2009:1075-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2009:1075.html
Issue date:   2009-05-27
CVE Names:    CVE-2008-1678 CVE-2009-1195
====================================================================

1. Summary:

Updated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The Apache HTTP Server is a popular and freely-available Web server.

A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impacting other processes, or causing a system crash. (CVE-2008-1678)

Note: The CVE-2008-1678 issue did not affect Red Hat Enterprise Linux 5 prior to 5.3. The problem was introduced via the RHBA-2009:0181 errata in Red Hat Enterprise Linux 5.3, which upgraded OpenSSL to the newer 0.9.8e version.

A flaw was found in the handling of the "Options" and "AllowOverride" directives. In configurations using the "AllowOverride" directive with certain "Options=" arguments, local users were not restricted from executing commands from a Server-Side-Include script as intended. (CVE-2009-1195)

All httpd users should upgrade to these updated packages, which contain backported patches to resolve these issues. Users must restart httpd for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

447268 - CVE-2008-1678 httpd: mod_ssl per-connection memory leak for connections with zlib compression
489436 - CVE-2009-1195 AllowOverride Options=IncludesNoExec allows Options Includes
497077 - memory leak in httpd

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
httpd-2.2.3-22.el5_3.1.i386.rpm
httpd-debuginfo-2.2.3-22.el5_3.1.i386.rpm
mod_ssl-2.2.3-22.el5_3.1.i386.rpm

x86_64:
httpd-2.2.3-22.el5_3.1.x86_64.rpm
httpd-debuginfo-2.2.3-22.el5_3.1.x86_64.rpm
mod_ssl-2.2.3-22.el5_3.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:

i386:
httpd-debuginfo-2.2.3-22.el5_3.1.i386.rpm
httpd-devel-2.2.3-22.el5_3.1.i386.rpm
httpd-manual-2.2.3-22.el5_3.1.i386.rpm

x86_64:
httpd-debuginfo-2.2.3-22.el5_3.1.i386.rpm
httpd-debuginfo-2.2.3-22.el5_3.1.x86_64.rpm
httpd-devel-2.2.3-22.el5_3.1.i386.rpm
httpd-devel-2.2.3-22.el5_3.1.x86_64.rpm
httpd-manual-2.2.3-22.el5_3.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
httpd-2.2.3-22.el5_3.1.i386.rpm
httpd-debuginfo-2.2.3-22.el5_3.1.i386.rpm
httpd-devel-2.2.3-22.el5_3.1.i386.rpm
httpd-manual-2.2.3-22.el5_3.1.i386.rpm
mod_ssl-2.2.3-22.el5_3.1.i386.rpm

ia64:
httpd-2.2.3-22.el5_3.1.ia64.rpm
httpd-debuginfo-2.2.3-22.el5_3.1.ia64.rpm
httpd-devel-2.2.3-22.el5_3.1.ia64.rpm
httpd-manual-2.2.3-22.el5_3.1.ia64.rpm
mod_ssl-2.2.3-22.el5_3.1.ia64.rpm

ppc:
httpd-2.2.3-22.el5_3.1.ppc.rpm
httpd-debuginfo-2.2.3-22.el5_3.1.ppc.rpm
httpd-debuginfo-2.2.3-22.el5_3.1.ppc64.rpm
httpd-devel-2.2.3-22.el5_3.1.ppc.rpm
httpd-devel-2.2.3-22.el5_3.1.ppc64.rpm
httpd-manual-2.2.3-22.el5_3.1.ppc.rpm
mod_ssl-2.2.3-22.el5_3.1.ppc.rpm

s390x:
httpd-2.2.3-22.el5_3.1.s390x.rpm
httpd-debuginfo-2.2.3-22.el5_3.1.s390.rpm
httpd-debuginfo-2.2.3-22.el5_3.1.s390x.rpm
httpd-devel-2.2.3-22.el5_3.1.s390.rpm
httpd-devel-2.2.3-22.el5_3.1.s390x.rpm
httpd-manual-2.2.3-22.el5_3.1.s390x.rpm
mod_ssl-2.2.3-22.el5_3.1.s390x.rpm

x86_64:
httpd-2.2.3-22.el5_3.1.x86_64.rpm
httpd-debuginfo-2.2.3-22.el5_3.1.i386.rpm
httpd-debuginfo-2.2.3-22.el5_3.1.x86_64.rpm
httpd-devel-2.2.3-22.el5_3.1.i386.rpm
httpd-devel-2.2.3-22.el5_3.1.x86_64.rpm
httpd-manual-2.2.3-22.el5_3.1.x86_64.rpm
mod_ssl-2.2.3-22.el5_3.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2008-1678
https://www.cve.org/CVERecord?id=CVE-2009-1195
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2009 Red Hat, Inc.

--
Enterprise-watch-list mailing list
Important: xpdf security update

Date: Fri, 6 Jan 2006 18:12:49 -0600
Reply-To: Connie Sieh
Sender: Security Errata for Scientific Linux
From: Connie Sieh
Subject: ERRATA for SL 301,302,303,304,305 i386 now available