Oracle Linux Security Advisory ELSA-2024-5138

http://linux.oracle.com/errata/ELSA-2024-5138.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
httpd-2.4.57-11.0.1.el9_4.1.x86_64.rpm
httpd-core-2.4.57-11.0.1.el9_4.1.x86_64.rpm
httpd-devel-2.4.57-11.0.1.el9_4.1.x86_64.rpm
httpd-filesystem-2.4.57-11.0.1.el9_4.1.noarch.rpm
httpd-manual-2.4.57-11.0.1.el9_4.1.noarch.rpm
httpd-tools-2.4.57-11.0.1.el9_4.1.x86_64.rpm
mod_ldap-2.4.57-11.0.1.el9_4.1.x86_64.rpm
mod_lua-2.4.57-11.0.1.el9_4.1.x86_64.rpm
mod_proxy_html-2.4.57-11.0.1.el9_4.1.x86_64.rpm
mod_session-2.4.57-11.0.1.el9_4.1.x86_64.rpm
mod_ssl-2.4.57-11.0.1.el9_4.1.x86_64.rpm

aarch64:
httpd-2.4.57-11.0.1.el9_4.1.aarch64.rpm
httpd-core-2.4.57-11.0.1.el9_4.1.aarch64.rpm
httpd-devel-2.4.57-11.0.1.el9_4.1.aarch64.rpm
httpd-filesystem-2.4.57-11.0.1.el9_4.1.noarch.rpm
httpd-manual-2.4.57-11.0.1.el9_4.1.noarch.rpm
httpd-tools-2.4.57-11.0.1.el9_4.1.aarch64.rpm
mod_ldap-2.4.57-11.0.1.el9_4.1.aarch64.rpm
mod_lua-2.4.57-11.0.1.el9_4.1.aarch64.rpm
mod_proxy_html-2.4.57-11.0.1.el9_4.1.aarch64.rpm
mod_session-2.4.57-11.0.1.el9_4.1.aarch64.rpm
mod_ssl-2.4.57-11.0.1.el9_4.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//httpd-2.4.57-11.0.1.el9_4.1.src.rpm

Related CVEs:
CVE-2024-38476

Description of changes:

[2.4.57-11.0.1.el9_4.1]
- Replace index.html with Oracle's index page oracle_index.html.

[2.4.57-11.1]
- Resolves: RHEL-46047 - httpd: Security issues via backend applications whose response headers are malicious or exploitable (CVE-2024-38476)
- Resolves: RHEL-53021 - Regression introduced by CVE-2024-38474 fix

_______________________________________________
El-errata mailing list

Oracle Linux Security Advisory ELSA-2024-4197

http://linux.oracle.com/errata/ELSA-2024-4197.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
httpd-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.x86_64.rpm
httpd-devel-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.x86_64.rpm
httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.noarch.rpm
httpd-manual-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.noarch.rpm
httpd-tools-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.x86_64.rpm
mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.x86_64.rpm
mod_ldap-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.x86_64.rpm
mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.x86_64.rpm
mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.x86_64.rpm
mod_session-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.x86_64.rpm
mod_ssl-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.x86_64.rpm

aarch64:
httpd-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.aarch64.rpm
httpd-devel-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.aarch64.rpm
httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.noarch.rpm
httpd-manual-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.noarch.rpm
httpd-tools-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.aarch64.rpm
mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.aarch64.rpm
mod_ldap-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.aarch64.rpm
mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.aarch64.rpm
mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.aarch64.rpm
mod_session-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.aarch64.rpm
mod_ssl-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//httpd-2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.src.rpm

Related CVEs:
CVE-2023-38709

Description of changes:

httpd

[2.4.37-65.0.1]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-65]
- Resolves: RHEL-31857 - httpd:2.4/httpd: HTTP response splitting (CVE-2023-38709)

mod_http2

[1.15.7-10]
- Resolves: RHEL-29817 - httpd:2.4/mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316)

[1.15.7-9.3]
- Resolves: RHEL-13367 - httpd:2.4/mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487) (CVE-2023-45802)

[1.15.7-8.3]
- Resolves: #2177748 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting with mod_rewrite and mod_proxy

[1.15.7-7]
- Resolves: #2095650 - Dependency from mod_http2 on httpd broken

[1.15.7-6]
- Backport SNI feature refactor
- Resolves: rhbz#2137257

[1.15.7-5]
- Resolves: #2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference or SSRF in forward proxy configurations

[1.15.7-4]
- Resolves: #1966728 - CVE-2021-33193 httpd:2.4/mod_http2: httpd: Request splitting via HTTP/2 method injection and mod_proxy

[1.15.7-3]
- Resolves: #1869077 - CVE-2020-11993 httpd:2.4/mod_http2: httpd: mod_http2 concurrent pool usage

[1.15.7-2]
- Resolves: #1869073 - CVE-2020-9490 httpd:2.4/mod_http2: httpd: Push diary crash on specifically crafted HTTP/2 header

[1.15.7-1]
- new version 1.15.7
- Resolves: #1814236 - RFE: mod_http2 rebase
- Resolves: #1747289 - CVE-2019-10082 httpd:2.4/mod_http2: httpd: read-after-free in h2 connection shutdown
- Resolves: #1696099 - CVE-2019-0197 httpd:2.4/mod_http2: httpd: mod_http2: possible crash on late upgrade
- Resolves: #1696094 - CVE-2019-0196 httpd:2.4/mod_http2: httpd: mod_http2: read-after-free on a string compare
- Resolves: #1677591 - CVE-2018-17189 httpd:2.4/mod_http2: httpd: mod_http2: DoS via slow, unneeded request bodies

[1.11.3-3]
- Resolves: #1744999 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount of data request leads to denial of service
- Resolves: #1745086 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length headers leads to denial of service
- Resolves: #1745154 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request for large response leads to denial of service

[1.11.3-2]
- update release (#1695587)

[1.11.3-1]
- new version 1.11.3
- Resolves: #1633401 - CVE-2018-11763 mod_http2: httpd: DoS for HTTP/2 connections by continuous SETTINGS

[1.10.20-1]
- update to 1.10.20

[1.10.18-1]
- update to 1.10.18

[1.10.16-1]
- update to 1.10.16 (CVE-2018-1302)

[1.10.13-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[1.10.13-1]
- update to 1.10.13

[1.10.12-1]
- update to 1.10.12

[1.10.10-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[1.10.10-1]
- update to 1.10.10

[1.10.7-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[1.10.7-1]
- update to 1.10.7

[1.10.6-1]
- update to 1.10.6

[1.10.5-1]
- update to 1.10.5

[1.10.1-1]
- Initial import (#1440780).

mod_md

Oracle Linux Security Advisory ELSA-2023-5050

https://linux.oracle.com/errata/ELSA-2023-5050.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
httpd-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm
httpd-devel-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm
httpd-filesystem-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.noarch.rpm
httpd-manual-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.noarch.rpm
httpd-tools-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm
mod_http2-1.15.7-8.module+el8.8.0+21057+13668aee.3.x86_64.rpm
mod_ldap-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm
mod_proxy_html-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm
mod_session-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm
mod_ssl-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.x86_64.rpm

aarch64:
httpd-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm
httpd-devel-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm
httpd-filesystem-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.noarch.rpm
httpd-manual-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.noarch.rpm
httpd-tools-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm
mod_http2-1.15.7-8.module+el8.8.0+21057+13668aee.3.aarch64.rpm
mod_ldap-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpm
mod_proxy_html-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm
mod_session-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm
mod_ssl-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.aarch64.rpm

SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates//httpd-2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//mod_http2-1.15.7-8.module+el8.8.0+21057+13668aee.3.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm

Related CVEs:
CVE-2023-27522

Description of changes:

httpd

[2.4.37-56.0.1.7]
- Resolves: #2176723 - CVE-2023-27522 httpd:2.4/httpd: mod_proxy_uwsgi HTTP response splitting

[2.4.37-56.0.1.6]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-56.6]
- Resolves: #2190133 - mod_rewrite regression with CVE-2023-25690

[2.4.37-56.4]
- Resolves: #2177748 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting with mod_rewrite and mod_proxy

[2.4.37-56]
- Resolves: #2162499 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte
- Resolves: #2162485 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2162509 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling

[2.4.37-55]
- Resolves: #2155961 - prevent sscg creating /dhparams.pem

[2.4.37-54]
- Resolves: #2095650 - Dependency from mod_http2 on httpd broken

[2.4.37-53]
- Resolves: #2050888 - httpd with SSL fails to start unless hostname command was installed

[2.4.37-52]
- Add the SNI support in mod_proxy_wstunnel module for Apache httpd
- Resolves: rhbz#2017543

mod_http2

[1.15.7-8.3]
- Resolves: #2177748 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting with mod_rewrite and mod_proxy

[1.15.7-7]
- Resolves: #2095650 - Dependency from mod_http2 on httpd broken

[1.15.7-6]
- Backport SNI feature refactor
- Resolves: rhbz#2137257

mod_md

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: httpd24-httpd security update
Advisory ID:       RHSA-2023:3292-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3292
Issue date:        2023-05-24
CVE Names:         CVE-2023-25690
====================================================================

1. Summary:

An update for httpd24-httpd is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for RHEL Workstation(v. 7) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for RHEL(v. 7) - noarch, x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy

6. Package List:

Red Hat Software Collections for RHEL Workstation(v. 7):

Source:
httpd24-httpd-2.4.34-23.el7.6.src.rpm

noarch:
httpd24-httpd-manual-2.4.34-23.el7.6.noarch.rpm

ppc64le:
httpd24-httpd-2.4.34-23.el7.6.ppc64le.rpm
httpd24-httpd-debuginfo-2.4.34-23.el7.6.ppc64le.rpm
httpd24-httpd-devel-2.4.34-23.el7.6.ppc64le.rpm
httpd24-httpd-tools-2.4.34-23.el7.6.ppc64le.rpm
httpd24-mod_ldap-2.4.34-23.el7.6.ppc64le.rpm
httpd24-mod_proxy_html-2.4.34-23.el7.6.ppc64le.rpm
httpd24-mod_session-2.4.34-23.el7.6.ppc64le.rpm
httpd24-mod_ssl-2.4.34-23.el7.6.ppc64le.rpm

s390x:
httpd24-httpd-2.4.34-23.el7.6.s390x.rpm
httpd24-httpd-debuginfo-2.4.34-23.el7.6.s390x.rpm
httpd24-httpd-devel-2.4.34-23.el7.6.s390x.rpm
httpd24-httpd-tools-2.4.34-23.el7.6.s390x.rpm
httpd24-mod_ldap-2.4.34-23.el7.6.s390x.rpm
httpd24-mod_proxy_html-2.4.34-23.el7.6.s390x.rpm
httpd24-mod_session-2.4.34-23.el7.6.s390x.rpm
httpd24-mod_ssl-2.4.34-23.el7.6.s390x.rpm

x86_64:
httpd24-httpd-2.4.34-23.el7.6.x86_64.rpm
httpd24-httpd-debuginfo-2.4.34-23.el7.6.x86_64.rpm
httpd24-httpd-devel-2.4.34-23.el7.6.x86_64.rpm
httpd24-httpd-tools-2.4.34-23.el7.6.x86_64.rpm
httpd24-mod_ldap-2.4.34-23.el7.6.x86_64.rpm
httpd24-mod_proxy_html-2.4.34-23.el7.6.x86_64.rpm
httpd24-mod_session-2.4.34-23.el7.6.x86_64.rpm
httpd24-mod_ssl-2.4.34-23.el7.6.x86_64.rpm

Red Hat Software Collections for RHEL(v. 7):

Source:
httpd24-httpd-2.4.34-23.el7.6.src.rpm

noarch:
httpd24-httpd-manual-2.4.34-23.el7.6.noarch.rpm

x86_64:
httpd24-httpd-2.4.34-23.el7.6.x86_64.rpm
httpd24-httpd-debuginfo-2.4.34-23.el7.6.x86_64.rpm
httpd24-httpd-devel-2.4.34-23.el7.6.x86_64.rpm
httpd24-httpd-tools-2.4.34-23.el7.6.x86_64.rpm
httpd24-mod_ldap-2.4.34-23.el7.6.x86_64.rpm
httpd24-mod_proxy_html-2.4.34-23.el7.6.x86_64.rpm
httpd24-mod_session-2.4.34-23.el7.6.x86_64.rpm
httpd24-mod_ssl-2.4.34-23.el7.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-25690
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list

Important: httpd:2.4 security update.

{"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2023:1673", "synopsis": "Important: httpd:2.4 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for mod_http2, mod_md, httpd, module.httpd, module.mod_md, module.mod_http2.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2176209", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2176209", "description": ""}], "cves": [{"name": "CVE-2023-25690", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-25690", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2023-04-12T01:40:50.593087Z", "rpms": {"Rocky Linux 8": {"nvras": ["httpd-0:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm", "httpd-0:2.4.37-51.module+el8.7.0+1059+126e9251.src.rpm", "httpd-0:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm", "httpd-debuginfo-0:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm", "httpd-debuginfo-0:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm", "httpd-debugsource-0:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm", "httpd-debugsource-0:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm", "httpd-devel-0:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm", "httpd-devel-0:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm", "httpd-filesystem-0:2.4.37-51.module+el8.7.0+1059+126e9251.noarch.rpm", "httpd-manual-0:2.4.37-51.module+el8.7.0+1059+126e9251.noarch.rpm", "httpd-tools-0:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm", "httpd-tools-0:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm", "httpd-tools-debuginfo-0:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm", "httpd-tools-debuginfo-0:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm", "mod_http2-0:1.15.7-5.module+el8.6.0+823+f143cee1.aarch64.rpm", "mod_http2-0:1.15.7-5.module+el8.6.0+823+f143cee1.src.rpm", "mod_http2-0:1.15.7-5.module+el8.6.0+823+f143cee1.x86_64.rpm", "mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+823+f143cee1.aarch64.rpm", "mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+823+f143cee1.x86_64.rpm", "mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+823+f143cee1.aarch64.rpm", "mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+823+f143cee1.x86_64.rpm", "mod_ldap-0:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm", "mod_ldap-0:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm", "mod_ldap-debuginfo-0:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm", "mod_ldap-debuginfo-0:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm", "mod_md-1:2.0.8-8.module+el8.5.0+695+1fa8055e.aarch64.rpm", "mod_md-1:2.0.8-8.module+el8.5.0+695+1fa8055e.src.rpm", "mod_md-1:2.0.8-8.module+el8.5.0+695+1fa8055e.x86_64.rpm", "mod_md-debuginfo-1:2.0.8-8.module+el8.5.0+695+1fa8055e.aarch64.rpm", "mod_md-debuginfo-1:2.0.8-8.module+el8.5.0+695+1fa8055e.x86_64.rpm", "mod_md-debugsource-1:2.0.8-8.module+el8.5.0+695+1fa8055e.aarch64.rpm", "mod_md-debugsource-1:2.0.8-8.module+el8.5.0+695+1fa8055e.x86_64.rpm", "mod_proxy_html-1:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm", "mod_proxy_html-1:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm", "mod_proxy_html-debuginfo-1:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm", "mod_proxy_html-debuginfo-1:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm", "mod_session-0:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm", "mod_session-0:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm", "mod_session-debuginfo-0:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm", "mod_session-debuginfo-0:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm", "mod_ssl-1:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm", "mod_ssl-1:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm", "mod_ssl-debuginfo-1:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm", "mod_ssl-debuginfo-1:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}

Crucial notice regarding httpd:2.4 in Rocky Linux, tackling vulnerabilities. Upgrade immediately for improved security.

Severity: Important. LinuxSecurity.com Team

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: httpd security update
Advisory ID:       RHSA-2023:1593-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1593
Issue date:        2023-04-04
CVE Names:         CVE-2023-25690
====================================================================

1. Summary:

An update for httpd is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
httpd-2.4.6-98.el7_9.7.src.rpm

noarch:
httpd-manual-2.4.6-98.el7_9.7.noarch.rpm

x86_64:
httpd-2.4.6-98.el7_9.7.x86_64.rpm
httpd-debuginfo-2.4.6-98.el7_9.7.x86_64.rpm
httpd-devel-2.4.6-98.el7_9.7.x86_64.rpm
httpd-tools-2.4.6-98.el7_9.7.x86_64.rpm
mod_ldap-2.4.6-98.el7_9.7.x86_64.rpm
mod_proxy_html-2.4.6-98.el7_9.7.x86_64.rpm
mod_session-2.4.6-98.el7_9.7.x86_64.rpm
mod_ssl-2.4.6-98.el7_9.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
httpd-2.4.6-98.el7_9.7.src.rpm

noarch:
httpd-manual-2.4.6-98.el7_9.7.noarch.rpm

x86_64:
httpd-2.4.6-98.el7_9.7.x86_64.rpm
httpd-debuginfo-2.4.6-98.el7_9.7.x86_64.rpm
httpd-devel-2.4.6-98.el7_9.7.x86_64.rpm
httpd-tools-2.4.6-98.el7_9.7.x86_64.rpm
mod_ldap-2.4.6-98.el7_9.7.x86_64.rpm
mod_proxy_html-2.4.6-98.el7_9.7.x86_64.rpm
mod_session-2.4.6-98.el7_9.7.x86_64.rpm
mod_ssl-2.4.6-98.el7_9.7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
httpd-2.4.6-98.el7_9.7.src.rpm

noarch:
httpd-manual-2.4.6-98.el7_9.7.noarch.rpm

ppc64:
httpd-2.4.6-98.el7_9.7.ppc64.rpm
httpd-debuginfo-2.4.6-98.el7_9.7.ppc64.rpm
httpd-devel-2.4.6-98.el7_9.7.ppc64.rpm
httpd-tools-2.4.6-98.el7_9.7.ppc64.rpm
mod_session-2.4.6-98.el7_9.7.ppc64.rpm
mod_ssl-2.4.6-98.el7_9.7.ppc64.rpm

ppc64le:
httpd-2.4.6-98.el7_9.7.ppc64le.rpm
httpd-debuginfo-2.4.6-98.el7_9.7.ppc64le.rpm
httpd-devel-2.4.6-98.el7_9.7.ppc64le.rpm
httpd-tools-2.4.6-98.el7_9.7.ppc64le.rpm
mod_session-2.4.6-98.el7_9.7.ppc64le.rpm
mod_ssl-2.4.6-98.el7_9.7.ppc64le.rpm

s390x:
httpd-2.4.6-98.el7_9.7.s390x.rpm
httpd-debuginfo-2.4.6-98.el7_9.7.s390x.rpm
httpd-devel-2.4.6-98.el7_9.7.s390x.rpm
httpd-tools-2.4.6-98.el7_9.7.s390x.rpm
mod_session-2.4.6-98.el7_9.7.s390x.rpm
mod_ssl-2.4.6-98.el7_9.7.s390x.rpm

x86_64:
httpd-2.4.6-98.el7_9.7.x86_64.rpm
httpd-debuginfo-2.4.6-98.el7_9.7.x86_64.rpm
httpd-devel-2.4.6-98.el7_9.7.x86_64.rpm
httpd-tools-2.4.6-98.el7_9.7.x86_64.rpm
mod_session-2.4.6-98.el7_9.7.x86_64.rpm
mod_ssl-2.4.6-98.el7_9.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
httpd-debuginfo-2.4.6-98.el7_9.7.ppc64.rpm
mod_ldap-2.4.6-98.el7_9.7.ppc64.rpm
mod_proxy_html-2.4.6-98.el7_9.7.ppc64.rpm

ppc64le:
httpd-debuginfo-2.4.6-98.el7_9.7.ppc64le.rpm
mod_ldap-2.4.6-98.el7_9.7.ppc64le.rpm
mod_proxy_html-2.4.6-98.el7_9.7.ppc64le.rpm

s390x:
httpd-debuginfo-2.4.6-98.el7_9.7.s390x.rpm
mod_ldap-2.4.6-98.el7_9.7.s390x.rpm
mod_proxy_html-2.4.6-98.el7_9.7.s390x.rpm

x86_64:
httpd-debuginfo-2.4.6-98.el7_9.7.x86_64.rpm
mod_ldap-2.4.6-98.el7_9.7.x86_64.rpm
mod_proxy_html-2.4.6-98.el7_9.7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
httpd-2.4.6-98.el7_9.7.src.rpm

noarch:
httpd-manual-2.4.6-98.el7_9.7.noarch.rpm

x86_64:
httpd-2.4.6-98.el7_9.7.x86_64.rpm
httpd-debuginfo-2.4.6-98.el7_9.7.x86_64.rpm
httpd-devel-2.4.6-98.el7_9.7.x86_64.rpm
httpd-tools-2.4.6-98.el7_9.7.x86_64.rpm
mod_session-2.4.6-98.el7_9.7.x86_64.rpm
mod_ssl-2.4.6-98.el7_9.7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
httpd-debuginfo-2.4.6-98.el7_9.7.x86_64.rpm
mod_ldap-2.4.6-98.el7_9.7.x86_64.rpm
mod_proxy_html-2.4.6-98.el7_9.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-25690
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

Oracle Linux Security Advisory ELSA-2023-0970

https://linux.oracle.com/errata/ELSA-2023-0970.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
httpd-2.4.53-7.0.1.el9_1.1.x86_64.rpm
httpd-core-2.4.53-7.0.1.el9_1.1.x86_64.rpm
httpd-devel-2.4.53-7.0.1.el9_1.1.x86_64.rpm
httpd-filesystem-2.4.53-7.0.1.el9_1.1.noarch.rpm
httpd-manual-2.4.53-7.0.1.el9_1.1.noarch.rpm
httpd-tools-2.4.53-7.0.1.el9_1.1.x86_64.rpm
mod_ldap-2.4.53-7.0.1.el9_1.1.x86_64.rpm
mod_lua-2.4.53-7.0.1.el9_1.1.x86_64.rpm
mod_proxy_html-2.4.53-7.0.1.el9_1.1.x86_64.rpm
mod_session-2.4.53-7.0.1.el9_1.1.x86_64.rpm
mod_ssl-2.4.53-7.0.1.el9_1.1.x86_64.rpm

aarch64:
httpd-2.4.53-7.0.1.el9_1.1.aarch64.rpm
httpd-core-2.4.53-7.0.1.el9_1.1.aarch64.rpm
httpd-devel-2.4.53-7.0.1.el9_1.1.aarch64.rpm
httpd-filesystem-2.4.53-7.0.1.el9_1.1.noarch.rpm
httpd-manual-2.4.53-7.0.1.el9_1.1.noarch.rpm
httpd-tools-2.4.53-7.0.1.el9_1.1.aarch64.rpm
mod_ldap-2.4.53-7.0.1.el9_1.1.aarch64.rpm
mod_lua-2.4.53-7.0.1.el9_1.1.aarch64.rpm
mod_proxy_html-2.4.53-7.0.1.el9_1.1.aarch64.rpm
mod_session-2.4.53-7.0.1.el9_1.1.aarch64.rpm
mod_ssl-2.4.53-7.0.1.el9_1.1.aarch64.rpm

SRPMS:
https://oss.oracle.com:443/ol9/SRPMS-updates//httpd-2.4.53-7.0.1.el9_1.1.src.rpm

Related CVEs:
CVE-2006-20001
CVE-2022-36760
CVE-2022-37436

Description of changes:

[2.4.53-7.0.1]
- Replace index.html with Oracle's index page oracle_index.html.

[2.4.53-7.1]
- Resolves: #2165975 - prevent sscg creating /dhparams.pem
- Resolves: #2165970 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte
- Resolves: #2165973 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2165974 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling

Oracle Linux Security Advisory ELSA-2023-0852

https://linux.oracle.com/errata/ELSA-2023-0852.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
httpd-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm
httpd-devel-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm
httpd-filesystem-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm
httpd-manual-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm
httpd-tools-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm
mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.x86_64.rpm
mod_ldap-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm
mod_proxy_html-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm
mod_session-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm
mod_ssl-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.x86_64.rpm

aarch64:
httpd-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm
httpd-devel-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm
httpd-filesystem-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm
httpd-manual-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.noarch.rpm
httpd-tools-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm
mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.aarch64.rpm
mod_ldap-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm
mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.aarch64.rpm
mod_proxy_html-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm
mod_session-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm
mod_ssl-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64.rpm

SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates//httpd-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.src.rpm

Related CVEs:
CVE-2006-20001
CVE-2022-36760
CVE-2022-37436

Description of changes:

httpd

[2.4.37-51.0.1.1]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

[2.4.37-51.1]
- Resolves: #2165967 - prevent sscg creating /dhparams.pem
- Resolves: #2165976 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte
- Resolves: #2165977 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2165978 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling