====================================================================
Red Hat Security Advisory

Synopsis:      Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update
Advisory ID:   RHSA-2022:1390-01
Product:       Red Hat JBoss Core Services
Advisory URL:  https://access.redhat.com/errata/RHSA-2022:1390
Issue date:    2022-04-20
CVE Names:     CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 CVE-2021-3541 CVE-2022-0778 CVE-2022-22720 CVE-2022-23308
====================================================================

1. Summary:

Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 11 zip release for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows is available.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release adds the new Apache HTTP Server 2.4.37 Service Pack 11 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* jbcs-httpd24-httpd: httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier (CVE-2022-22720)
* libxml2: use-after-free in xmlXIncludeDoProcess() in xinclude.c (CVE-2021-3518)
* libxml2: heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3517)
* libxml2: use-after-free in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3516)
* libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms (CVE-2021-3541)
* libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode (CVE-2021-3537)
* libxml2: Use-after-free of ID and IDREF attributes (CVE-2022-23308)
* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link for the update. You must be logged in to download the update.

4. Bugs fixed (https://bugzilla.redhat.com/):

1950515 - CVE-2021-3541 libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms
1954225 - CVE-2021-3516 libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c
1954232 - CVE-2021-3517 libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c
1954242 - CVE-2021-3518 libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c
1956522 - CVE-2021-3537 libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode
2056913 - CVE-2022-23308 libxml2: Use-after-free of ID and IDREF attributes
2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
2064321 - CVE-2022-22720 httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling

5. References:

https://access.redhat.com/security/cve/CVE-2021-3516
https://access.redhat.com/security/cve/CVE-2021-3517
https://access.redhat.com/security/cve/CVE-2021-3518
https://access.redhat.com/security/cve/CVE-2021-3537
https://access.redhat.com/security/cve/CVE-2021-3541
https://access.redhat.com/security/cve/CVE-2022-0778
https://access.redhat.com/security/cve/CVE-2022-22720
https://access.redhat.com/security/cve/CVE-2022-23308
https://access.redhat.com/security/updates/classification#important

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.

--
RHSA-announce mailing list

====================================================================
Red Hat Security Advisory

Synopsis:      Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP5 security update
Advisory ID:   RHSA-2020:4383-01
Product:       Red Hat JBoss Core Services
Advisory URL:  https://access.redhat.com/errata/RHSA-2020:4383
Issue date:    2020-10-28
CVE Names:     CVE-2019-1551 CVE-2019-5435 CVE-2020-11984 CVE-2020-11993
====================================================================

1. Summary:

Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 5 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release adds the new Apache HTTP Server 2.4.37 Service Pack 5 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 4 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

Security fix(es):

* curl: Integer overflows in curl_url_set() function (CVE-2019-5435)
* openssl: Integer overflow in RSAZ modular exponentiation on x86_64 (CVE-2019-1551)
* httpd: mod_http2 concurrent pool usage (CVE-2020-11993)
* httpd: mod_proxy_uwsgi buffer overflow (CVE-2020-11984)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link for the update. You must be logged in to download the update.

4. Bugs fixed (https://bugzilla.redhat.com/):

1710609 - CVE-2019-5435 curl: Integer overflows in curl_url_set() function
1780995 - CVE-2019-1551 openssl: Integer overflow in RSAZ modular exponentiation on x86_64
1866563 - CVE-2020-11984 httpd: mod_proxy_uwsgi buffer overflow
1866564 - CVE-2020-11993 httpd: mod_http2 concurrent pool usage

5. References:

https://access.redhat.com/security/cve/CVE-2019-1551
https://access.redhat.com/security/cve/CVE-2019-5435
https://access.redhat.com/security/cve/CVE-2020-11984
https://access.redhat.com/security/cve/CVE-2020-11993
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

====================================================================
Red Hat Security Advisory

Synopsis:      Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 security update
Advisory ID:   RHSA-2020:1337-01
Product:       Red Hat JBoss Core Services
Advisory URL:  https://access.redhat.com/errata/RHSA-2020:1337
Issue date:    2020-04-06
CVE Names:     CVE-2019-1547 CVE-2019-1549 CVE-2019-1563 CVE-2019-10081 CVE-2019-10082 CVE-2019-10092 CVE-2019-10097 CVE-2019-10098
====================================================================

1. Summary:

Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Core Services on RHEL 6 Server - i386, noarch, ppc64, x86_64
Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64

3. Description:

This release adds the new Apache HTTP Server 2.4.37 Service Pack 2 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 1 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* openssl: side-channel weak encryption vulnerability (CVE-2019-1547)
* httpd: memory corruption on early pushes (CVE-2019-10081)
* httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)
* httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)
* openssl: information disclosure in fork() (CVE-2019-1549)
* openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
* httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)
* httpd: mod_rewrite potential open redirect (CVE-2019-10098)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1743956 - CVE-2019-10092 httpd: limited cross-site scripting in mod_proxy error page
1743959 - CVE-2019-10098 httpd: mod_rewrite potential open redirect
1743966 - CVE-2019-10081 httpd: memory corruption on early pushes
1743974 - CVE-2019-10082 httpd: read-after-free in h2 connection shutdown
1743996 - CVE-2019-10097 httpd: null-pointer dereference in mod_remoteip
1752090 - CVE-2019-1547 openssl: side-channel weak encryption vulnerability
1752095 - CVE-2019-1549 openssl: information disclosure in fork()
1752100 - CVE-2019-1563 openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey

6. Package List:

Red Hat JBoss Core Services on RHEL 6 Server:

Source:
jbcs-httpd24-apr-1.6.3-86.jbcs.el6.src.rpm
jbcs-httpd24-brotli-1.0.6-21.jbcs.el6.src.rpm
jbcs-httpd24-httpd-2.4.37-52.jbcs.el6.src.rpm
jbcs-httpd24-mod_cluster-native-1.3.12-41.Final_redhat_2.jbcs.el6.src.rpm
jbcs-httpd24-mod_http2-1.11.3-22.jbcs.el6.src.rpm
jbcs-httpd24-openssl-1.1.1c-16.jbcs.el6.src.rpm

i386:
jbcs-httpd24-apr-1.6.3-86.jbcs.el6.i686.rpm
jbcs-httpd24-apr-debuginfo-1.6.3-86.jbcs.el6.i686.rpm
jbcs-httpd24-apr-devel-1.6.3-86.jbcs.el6.i686.rpm
jbcs-httpd24-brotli-1.0.6-21.jbcs.el6.i686.rpm
jbcs-httpd24-brotli-debuginfo-1.0.6-21.jbcs.el6.i686.rpm
jbcs-httpd24-brotli-devel-1.0.6-21.jbcs.el6.i686.rpm
jbcs-httpd24-httpd-2.4.37-52.jbcs.el6.i686.rpm
jbcs-httpd24-httpd-debuginfo-2.4.37-52.jbcs.el6.i686.rpm
jbcs-httpd24-httpd-devel-2.4.37-52.jbcs.el6.i686.rpm
jbcs-httpd24-httpd-selinux-2.4.37-52.jbcs.el6.i686.rpm
jbcs-httpd24-httpd-tools-2.4.37-52.jbcs.el6.i686.rpm
jbcs-httpd24-mod_cluster-native-1.3.12-41.Final_redhat_2.jbcs.el6.i686.rpm
jbcs-httpd24-mod_cluster-native-debuginfo-1.3.12-41.Final_redhat_2.jbcs.el6.i686.rpm
jbcs-httpd24-mod_http2-1.11.3-22.jbcs.el6.i686.rpm
jbcs-httpd24-mod_http2-debuginfo-1.11.3-22.jbcs.el6.i686.rpm
jbcs-httpd24-mod_ldap-2.4.37-52.jbcs.el6.i686.rpm
jbcs-httpd24-mod_proxy_html-2.4.37-52.jbcs.el6.i686.rpm
jbcs-httpd24-mod_session-2.4.37-52.jbcs.el6.i686.rpm
jbcs-httpd24-mod_ssl-2.4.37-52.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-1.1.1c-16.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-debuginfo-1.1.1c-16.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-devel-1.1.1c-16.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-libs-1.1.1c-16.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-perl-1.1.1c-16.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-static-1.1.1c-16.jbcs.el6.i686.rpm

noarch:
jbcs-httpd24-httpd-manual-2.4.37-52.jbcs.el6.noarch.rpm

ppc64:
jbcs-httpd24-brotli-1.0.6-21.jbcs.el6.ppc64.rpm
jbcs-httpd24-brotli-debuginfo-1.0.6-21.jbcs.el6.ppc64.rpm
jbcs-httpd24-brotli-devel-1.0.6-21.jbcs.el6.ppc64.rpm
jbcs-httpd24-mod_http2-1.11.3-22.jbcs.el6.ppc64.rpm
jbcs-httpd24-mod_http2-debuginfo-1.11.3-22.jbcs.el6.ppc64.rpm

x86_64:
jbcs-httpd24-apr-1.6.3-86.jbcs.el6.x86_64.rpm
jbcs-httpd24-apr-debuginfo-1.6.3-86.jbcs.el6.x86_64.rpm
jbcs-httpd24-apr-devel-1.6.3-86.jbcs.el6.x86_64.rpm
jbcs-httpd24-brotli-1.0.6-21.jbcs.el6.x86_64.rpm
jbcs-httpd24-brotli-debuginfo-1.0.6-21.jbcs.el6.x86_64.rpm
jbcs-httpd24-brotli-devel-1.0.6-21.jbcs.el6.x86_64.rpm
jbcs-httpd24-httpd-2.4.37-52.jbcs.el6.x86_64.rpm
jbcs-httpd24-httpd-debuginfo-2.4.37-52.jbcs.el6.x86_64.rpm
jbcs-httpd24-httpd-devel-2.4.37-52.jbcs.el6.x86_64.rpm
jbcs-httpd24-httpd-selinux-2.4.37-52.jbcs.el6.x86_64.rpm
jbcs-httpd24-httpd-tools-2.4.37-52.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_cluster-native-1.3.12-41.Final_redhat_2.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_cluster-native-debuginfo-1.3.12-41.Final_redhat_2.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_http2-1.11.3-22.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_http2-debuginfo-1.11.3-22.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_ldap-2.4.37-52.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_proxy_html-2.4.37-52.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_session-2.4.37-52.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_ssl-2.4.37-52.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-1.1.1c-16.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-debuginfo-1.1.1c-16.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-devel-1.1.1c-16.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-libs-1.1.1c-16.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-perl-1.1.1c-16.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-static-1.1.1c-16.jbcs.el6.x86_64.rpm

Red Hat JBoss Core Services on RHEL 7 Server:

Source:
jbcs-httpd24-apr-1.6.3-86.jbcs.el7.src.rpm
jbcs-httpd24-brotli-1.0.6-21.jbcs.el7.src.rpm
jbcs-httpd24-httpd-2.4.37-52.jbcs.el7.src.rpm
jbcs-httpd24-mod_cluster-native-1.3.12-41.Final_redhat_2.jbcs.el7.src.rpm
jbcs-httpd24-mod_http2-1.11.3-22.jbcs.el7.src.rpm
jbcs-httpd24-openssl-1.1.1c-16.jbcs.el7.src.rpm

noarch:
jbcs-httpd24-httpd-manual-2.4.37-52.jbcs.el7.noarch.rpm

ppc64:
jbcs-httpd24-brotli-1.0.6-21.jbcs.el7.ppc64.rpm
jbcs-httpd24-brotli-debuginfo-1.0.6-21.jbcs.el7.ppc64.rpm
jbcs-httpd24-brotli-devel-1.0.6-21.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_http2-1.11.3-22.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_http2-debuginfo-1.11.3-22.jbcs.el7.ppc64.rpm

x86_64:
jbcs-httpd24-apr-1.6.3-86.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-debuginfo-1.6.3-86.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-devel-1.6.3-86.jbcs.el7.x86_64.rpm
jbcs-httpd24-brotli-1.0.6-21.jbcs.el7.x86_64.rpm
jbcs-httpd24-brotli-debuginfo-1.0.6-21.jbcs.el7.x86_64.rpm
jbcs-httpd24-brotli-devel-1.0.6-21.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-2.4.37-52.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-debuginfo-2.4.37-52.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-devel-2.4.37-52.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-selinux-2.4.37-52.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-tools-2.4.37-52.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_cluster-native-1.3.12-41.Final_redhat_2.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_cluster-native-debuginfo-1.3.12-41.Final_redhat_2.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_http2-1.11.3-22.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_http2-debuginfo-1.11.3-22.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_ldap-2.4.37-52.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_proxy_html-2.4.37-52.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_session-2.4.37-52.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_ssl-2.4.37-52.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-1.1.1c-16.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-debuginfo-1.1.1c-16.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-devel-1.1.1c-16.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-libs-1.1.1c-16.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-perl-1.1.1c-16.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-static-1.1.1c-16.jbcs.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2019-1547
https://access.redhat.com/security/cve/CVE-2019-1549
https://access.redhat.com/security/cve/CVE-2019-1563
https://access.redhat.com/security/cve/CVE-2019-10081
https://access.redhat.com/security/cve/CVE-2019-10082
https://access.redhat.com/security/cve/CVE-2019-10092
https://access.redhat.com/security/cve/CVE-2019-10097
https://access.redhat.com/security/cve/CVE-2019-10098
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/red_hat_jboss_core_services/2.4.37

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.

====================================================================
Red Hat Security Advisory

Synopsis:      Low: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP1 Security Update
Advisory ID:   RHSA-2020:0250-01
Product:       Red Hat JBoss Core Services
Advisory URL:  https://access.redhat.com/errata/RHSA-2020:0250
Issue date:    2020-01-27
CVE Names:     CVE-2019-0220
====================================================================

1. Summary:

Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Core Services on RHEL 6 Server - i386, noarch, ppc64, x86_64
Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64

3. Description:

This release adds the new Apache HTTP Server 2.4.37 Service Pack 1 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

Security fix(es):

* httpd: URL normalization inconsistency (CVE-2019-0220)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1695036 - CVE-2019-0220 httpd: URL normalization inconsistency

6. JIRA issues fixed (https://issues.redhat.com/):

JBCS-129 - httpd/mod_proxy prepends error page for HEAD request to a next response for next GET request
JBCS-343 - Unwanted service start after installation selinux package
JBCS-451 - mod_proxy_http incorrectly requires continue response after already sending response data
JBCS-632 - JBCS rpm scripts are affecting RHEL httpd service.
JBCS-813 - Changing ownership of files should be done via postinstall instead of just documentation
JBCS-847 - Create mod_http2 and mod_md as separate components
JBCS-856 - Upgrade openssl to 1.1.1.c

7. Package List:

Red Hat JBoss Core Services on RHEL 6 Server:

Source:
jbcs-httpd24-apr-1.6.3-73.jbcs.el6.src.rpm
jbcs-httpd24-apr-util-1.6.1-54.jbcs.el6.src.rpm
jbcs-httpd24-brotli-1.0.6-9.jbcs.el6.src.rpm
jbcs-httpd24-curl-7.64.1-21.jbcs.el6.src.rpm
jbcs-httpd24-httpd-2.4.37-41.jbcs.el6.src.rpm
jbcs-httpd24-jansson-2.11-24.jbcs.el6.src.rpm
jbcs-httpd24-mod_cluster-native-1.3.12-13.Final_redhat_2.jbcs.el6.src.rpm
jbcs-httpd24-mod_http2-1.11.3-8.jbcs.el6.src.rpm
jbcs-httpd24-mod_jk-1.2.46-26.redhat_1.jbcs.el6.src.rpm
jbcs-httpd24-mod_security-2.9.2-20.GA.jbcs.el6.src.rpm
jbcs-httpd24-nghttp2-1.39.2-10.jbcs.el6.src.rpm
jbcs-httpd24-openssl-1.1.1c-4.jbcs.el6.src.rpm

i386:
jbcs-httpd24-apr-1.6.3-73.jbcs.el6.i686.rpm
jbcs-httpd24-apr-debuginfo-1.6.3-73.jbcs.el6.i686.rpm
jbcs-httpd24-apr-devel-1.6.3-73.jbcs.el6.i686.rpm
jbcs-httpd24-apr-util-1.6.1-54.jbcs.el6.i686.rpm
jbcs-httpd24-apr-util-debuginfo-1.6.1-54.jbcs.el6.i686.rpm
jbcs-httpd24-apr-util-devel-1.6.1-54.jbcs.el6.i686.rpm
jbcs-httpd24-apr-util-ldap-1.6.1-54.jbcs.el6.i686.rpm
jbcs-httpd24-apr-util-mysql-1.6.1-54.jbcs.el6.i686.rpm
jbcs-httpd24-apr-util-nss-1.6.1-54.jbcs.el6.i686.rpm
jbcs-httpd24-apr-util-odbc-1.6.1-54.jbcs.el6.i686.rpm
jbcs-httpd24-apr-util-openssl-1.6.1-54.jbcs.el6.i686.rpm
jbcs-httpd24-apr-util-pgsql-1.6.1-54.jbcs.el6.i686.rpm
jbcs-httpd24-apr-util-sqlite-1.6.1-54.jbcs.el6.i686.rpm
jbcs-httpd24-brotli-1.0.6-9.jbcs.el6.i686.rpm
jbcs-httpd24-brotli-debuginfo-1.0.6-9.jbcs.el6.i686.rpm
jbcs-httpd24-brotli-devel-1.0.6-9.jbcs.el6.i686.rpm
jbcs-httpd24-curl-7.64.1-21.jbcs.el6.i686.rpm
jbcs-httpd24-curl-debuginfo-7.64.1-21.jbcs.el6.i686.rpm
jbcs-httpd24-httpd-2.4.37-41.jbcs.el6.i686.rpm
jbcs-httpd24-httpd-debuginfo-2.4.37-41.jbcs.el6.i686.rpm
jbcs-httpd24-httpd-devel-2.4.37-41.jbcs.el6.i686.rpm
jbcs-httpd24-httpd-selinux-2.4.37-41.jbcs.el6.i686.rpm
jbcs-httpd24-httpd-tools-2.4.37-41.jbcs.el6.i686.rpm
jbcs-httpd24-jansson-2.11-24.jbcs.el6.i686.rpm
jbcs-httpd24-jansson-debuginfo-2.11-24.jbcs.el6.i686.rpm
jbcs-httpd24-jansson-devel-2.11-24.jbcs.el6.i686.rpm
jbcs-httpd24-libcurl-7.64.1-21.jbcs.el6.i686.rpm
jbcs-httpd24-libcurl-devel-7.64.1-21.jbcs.el6.i686.rpm
jbcs-httpd24-mod_cluster-native-1.3.12-13.Final_redhat_2.jbcs.el6.i686.rpm
jbcs-httpd24-mod_cluster-native-debuginfo-1.3.12-13.Final_redhat_2.jbcs.el6.i686.rpm
jbcs-httpd24-mod_http2-1.11.3-8.jbcs.el6.i686.rpm
jbcs-httpd24-mod_http2-debuginfo-1.11.3-8.jbcs.el6.i686.rpm
jbcs-httpd24-mod_jk-ap24-1.2.46-26.redhat_1.jbcs.el6.i686.rpm
jbcs-httpd24-mod_jk-debuginfo-1.2.46-26.redhat_1.jbcs.el6.i686.rpm
jbcs-httpd24-mod_jk-manual-1.2.46-26.redhat_1.jbcs.el6.i686.rpm
jbcs-httpd24-mod_ldap-2.4.37-41.jbcs.el6.i686.rpm
jbcs-httpd24-mod_md-2.0.8-10.jbcs.el6.i686.rpm
jbcs-httpd24-mod_md-debuginfo-2.0.8-10.jbcs.el6.i686.rpm
jbcs-httpd24-mod_proxy_html-2.4.37-41.jbcs.el6.i686.rpm
jbcs-httpd24-mod_security-2.9.2-20.GA.jbcs.el6.i686.rpm
jbcs-httpd24-mod_security-debuginfo-2.9.2-20.GA.jbcs.el6.i686.rpm
jbcs-httpd24-mod_session-2.4.37-41.jbcs.el6.i686.rpm
jbcs-httpd24-mod_ssl-2.4.37-41.jbcs.el6.i686.rpm
jbcs-httpd24-nghttp2-1.39.2-10.jbcs.el6.i686.rpm
jbcs-httpd24-nghttp2-debuginfo-1.39.2-10.jbcs.el6.i686.rpm
jbcs-httpd24-nghttp2-devel-1.39.2-10.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-1.1.1c-4.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-debuginfo-1.1.1c-4.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-devel-1.1.1c-4.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-libs-1.1.1c-4.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-perl-1.1.1c-4.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-static-1.1.1c-4.jbcs.el6.i686.rpm

noarch:
jbcs-httpd24-httpd-manual-2.4.37-41.jbcs.el6.noarch.rpm

ppc64:
jbcs-httpd24-brotli-1.0.6-9.jbcs.el6.ppc64.rpm
jbcs-httpd24-brotli-debuginfo-1.0.6-9.jbcs.el6.ppc64.rpm
jbcs-httpd24-brotli-devel-1.0.6-9.jbcs.el6.ppc64.rpm
jbcs-httpd24-curl-7.64.1-21.jbcs.el6.ppc64.rpm
jbcs-httpd24-curl-debuginfo-7.64.1-21.jbcs.el6.ppc64.rpm
jbcs-httpd24-jansson-2.11-24.jbcs.el6.ppc64.rpm
jbcs-httpd24-jansson-debuginfo-2.11-24.jbcs.el6.ppc64.rpm
jbcs-httpd24-jansson-devel-2.11-24.jbcs.el6.ppc64.rpm
jbcs-httpd24-libcurl-7.64.1-21.jbcs.el6.ppc64.rpm
jbcs-httpd24-libcurl-devel-7.64.1-21.jbcs.el6.ppc64.rpm
jbcs-httpd24-mod_http2-1.11.3-8.jbcs.el6.ppc64.rpm
jbcs-httpd24-mod_http2-debuginfo-1.11.3-8.jbcs.el6.ppc64.rpm
jbcs-httpd24-mod_md-2.0.8-10.jbcs.el6.ppc64.rpm
jbcs-httpd24-mod_md-debuginfo-2.0.8-10.jbcs.el6.ppc64.rpm

x86_64:
jbcs-httpd24-apr-1.6.3-73.jbcs.el6.x86_64.rpm
jbcs-httpd24-apr-debuginfo-1.6.3-73.jbcs.el6.x86_64.rpm
jbcs-httpd24-apr-devel-1.6.3-73.jbcs.el6.x86_64.rpm
jbcs-httpd24-apr-util-1.6.1-54.jbcs.el6.x86_64.rpm
jbcs-httpd24-apr-util-debuginfo-1.6.1-54.jbcs.el6.x86_64.rpm
jbcs-httpd24-apr-util-devel-1.6.1-54.jbcs.el6.x86_64.rpm
jbcs-httpd24-apr-util-ldap-1.6.1-54.jbcs.el6.x86_64.rpm
jbcs-httpd24-apr-util-mysql-1.6.1-54.jbcs.el6.x86_64.rpm
jbcs-httpd24-apr-util-nss-1.6.1-54.jbcs.el6.x86_64.rpm
jbcs-httpd24-apr-util-odbc-1.6.1-54.jbcs.el6.x86_64.rpm
jbcs-httpd24-apr-util-openssl-1.6.1-54.jbcs.el6.x86_64.rpm
jbcs-httpd24-apr-util-pgsql-1.6.1-54.jbcs.el6.x86_64.rpm
jbcs-httpd24-apr-util-sqlite-1.6.1-54.jbcs.el6.x86_64.rpm
jbcs-httpd24-brotli-1.0.6-9.jbcs.el6.x86_64.rpm
jbcs-httpd24-brotli-debuginfo-1.0.6-9.jbcs.el6.x86_64.rpm
jbcs-httpd24-brotli-devel-1.0.6-9.jbcs.el6.x86_64.rpm
jbcs-httpd24-curl-7.64.1-21.jbcs.el6.x86_64.rpm
jbcs-httpd24-curl-debuginfo-7.64.1-21.jbcs.el6.x86_64.rpm
jbcs-httpd24-httpd-2.4.37-41.jbcs.el6.x86_64.rpm
jbcs-httpd24-httpd-debuginfo-2.4.37-41.jbcs.el6.x86_64.rpm
jbcs-httpd24-httpd-devel-2.4.37-41.jbcs.el6.x86_64.rpm
jbcs-httpd24-httpd-selinux-2.4.37-41.jbcs.el6.x86_64.rpm
jbcs-httpd24-httpd-tools-2.4.37-41.jbcs.el6.x86_64.rpm
jbcs-httpd24-jansson-2.11-24.jbcs.el6.x86_64.rpm
jbcs-httpd24-jansson-debuginfo-2.11-24.jbcs.el6.x86_64.rpm
jbcs-httpd24-jansson-devel-2.11-24.jbcs.el6.x86_64.rpm
jbcs-httpd24-libcurl-7.64.1-21.jbcs.el6.x86_64.rpm
jbcs-httpd24-libcurl-devel-7.64.1-21.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_cluster-native-1.3.12-13.Final_redhat_2.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_cluster-native-debuginfo-1.3.12-13.Final_redhat_2.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_http2-1.11.3-8.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_http2-debuginfo-1.11.3-8.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_jk-ap24-1.2.46-26.redhat_1.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_jk-debuginfo-1.2.46-26.redhat_1.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_jk-manual-1.2.46-26.redhat_1.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_ldap-2.4.37-41.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_md-2.0.8-10.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_md-debuginfo-2.0.8-10.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_proxy_html-2.4.37-41.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_security-2.9.2-20.GA.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_security-debuginfo-2.9.2-20.GA.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_session-2.4.37-41.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_ssl-2.4.37-41.jbcs.el6.x86_64.rpm
jbcs-httpd24-nghttp2-1.39.2-10.jbcs.el6.x86_64.rpm
jbcs-httpd24-nghttp2-debuginfo-1.39.2-10.jbcs.el6.x86_64.rpm
jbcs-httpd24-nghttp2-devel-1.39.2-10.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-1.1.1c-4.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-debuginfo-1.1.1c-4.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-devel-1.1.1c-4.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-libs-1.1.1c-4.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-perl-1.1.1c-4.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-static-1.1.1c-4.jbcs.el6.x86_64.rpm

Red Hat JBoss Core Services on RHEL 7 Server:

Source:
jbcs-httpd24-apr-1.6.3-73.jbcs.el7.src.rpm
jbcs-httpd24-apr-util-1.6.1-54.jbcs.el7.src.rpm
jbcs-httpd24-brotli-1.0.6-9.jbcs.el7.src.rpm
jbcs-httpd24-curl-7.64.1-21.jbcs.el7.src.rpm
jbcs-httpd24-httpd-2.4.37-41.jbcs.el7.src.rpm
jbcs-httpd24-jansson-2.11-24.jbcs.el7.src.rpm
jbcs-httpd24-mod_cluster-native-1.3.12-13.Final_redhat_2.jbcs.el7.src.rpm
jbcs-httpd24-mod_http2-1.11.3-8.jbcs.el7.src.rpm
jbcs-httpd24-mod_jk-1.2.46-26.redhat_1.jbcs.el7.src.rpm
jbcs-httpd24-mod_security-2.9.2-20.GA.jbcs.el7.src.rpm
jbcs-httpd24-nghttp2-1.39.2-10.jbcs.el7.src.rpm
jbcs-httpd24-openssl-1.1.1c-4.jbcs.el7.src.rpm

noarch:
jbcs-httpd24-httpd-manual-2.4.37-41.jbcs.el7.noarch.rpm

ppc64:
jbcs-httpd24-brotli-1.0.6-9.jbcs.el7.ppc64.rpm
jbcs-httpd24-brotli-debuginfo-1.0.6-9.jbcs.el7.ppc64.rpm
jbcs-httpd24-brotli-devel-1.0.6-9.jbcs.el7.ppc64.rpm
jbcs-httpd24-curl-7.64.1-21.jbcs.el7.ppc64.rpm
jbcs-httpd24-curl-debuginfo-7.64.1-21.jbcs.el7.ppc64.rpm
jbcs-httpd24-jansson-2.11-24.jbcs.el7.ppc64.rpm
jbcs-httpd24-jansson-debuginfo-2.11-24.jbcs.el7.ppc64.rpm
jbcs-httpd24-jansson-devel-2.11-24.jbcs.el7.ppc64.rpm
jbcs-httpd24-libcurl-7.64.1-21.jbcs.el7.ppc64.rpm
jbcs-httpd24-libcurl-devel-7.64.1-21.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_http2-1.11.3-8.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_http2-debuginfo-1.11.3-8.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_md-2.0.8-10.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_md-debuginfo-2.0.8-10.jbcs.el7.ppc64.rpm

x86_64:
jbcs-httpd24-apr-1.6.3-73.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-debuginfo-1.6.3-73.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-devel-1.6.3-73.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-1.6.1-54.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-debuginfo-1.6.1-54.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-devel-1.6.1-54.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-ldap-1.6.1-54.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-mysql-1.6.1-54.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-nss-1.6.1-54.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-odbc-1.6.1-54.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-openssl-1.6.1-54.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-pgsql-1.6.1-54.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-sqlite-1.6.1-54.jbcs.el7.x86_64.rpm
jbcs-httpd24-brotli-1.0.6-9.jbcs.el7.x86_64.rpm
jbcs-httpd24-brotli-debuginfo-1.0.6-9.jbcs.el7.x86_64.rpm
jbcs-httpd24-brotli-devel-1.0.6-9.jbcs.el7.x86_64.rpm
jbcs-httpd24-curl-7.64.1-21.jbcs.el7.x86_64.rpm
jbcs-httpd24-curl-debuginfo-7.64.1-21.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-2.4.37-41.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-debuginfo-2.4.37-41.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-devel-2.4.37-41.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-selinux-2.4.37-41.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-tools-2.4.37-41.jbcs.el7.x86_64.rpm
jbcs-httpd24-jansson-2.11-24.jbcs.el7.x86_64.rpm
jbcs-httpd24-jansson-debuginfo-2.11-24.jbcs.el7.x86_64.rpm
jbcs-httpd24-jansson-devel-2.11-24.jbcs.el7.x86_64.rpm
jbcs-httpd24-libcurl-7.64.1-21.jbcs.el7.x86_64.rpm
jbcs-httpd24-libcurl-devel-7.64.1-21.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_cluster-native-1.3.12-13.Final_redhat_2.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_cluster-native-debuginfo-1.3.12-13.Final_redhat_2.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_http2-1.11.3-8.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_http2-debuginfo-1.11.3-8.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_jk-ap24-1.2.46-26.redhat_1.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_jk-debuginfo-1.2.46-26.redhat_1.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_jk-manual-1.2.46-26.redhat_1.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_ldap-2.4.37-41.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_md-2.0.8-10.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_md-debuginfo-2.0.8-10.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_proxy_html-2.4.37-41.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_security-2.9.2-20.GA.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_security-debuginfo-2.9.2-20.GA.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_session-2.4.37-41.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_ssl-2.4.37-41.jbcs.el7.x86_64.rpm
jbcs-httpd24-nghttp2-1.39.2-10.jbcs.el7.x86_64.rpm
jbcs-httpd24-nghttp2-debuginfo-1.39.2-10.jbcs.el7.x86_64.rpm
jbcs-httpd24-nghttp2-devel-1.39.2-10.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-1.1.1c-4.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-debuginfo-1.1.1c-4.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-devel-1.1.1c-4.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-libs-1.1.1c-4.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-perl-1.1.1c-4.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-static-1.1.1c-4.jbcs.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2019-0220
https://access.redhat.com/security/updates/classification/#low

9. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7
Advisory ID: RHSA-2019:3933-01
Product: Red Hat JBoss Core Services
Advisory URL: https://access.redhat.com/errata/RHSA-2019:3933
Issue date: 2019-11-20
CVE Names: CVE-2018-0734 CVE-2018-0737 CVE-2018-5407 CVE-2018-17189 CVE-2018-17199 CVE-2019-0196 CVE-2019-0197 CVE-2019-0217 CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 CVE-2019-9517

1. Summary:

An update is now available for JBoss Core Services on RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64

3. Description:

This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737)
* openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)
* mod_auth_digest: access control bypass due to race condition (CVE-2019-0217)
* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)
* mod_session_cookie does not respect expiry time (CVE-2018-17199)
* mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)
* mod_http2: possible crash on late upgrade (CVE-2019-0197)
* mod_http2: read-after-free on a string compare (CVE-2019-0196)
* nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)
* nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
* mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)
* mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys
1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm
1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)
1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time
1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies
1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition
1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare
1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade
1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption
1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service
1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service
1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service

6. Package List:

Red Hat JBoss Core Services on RHEL 7Server:

Source:
jbcs-httpd24-apr-1.6.3-63.jbcs.el7.src.rpm
jbcs-httpd24-apr-util-1.6.1-48.jbcs.el7.src.rpm
jbcs-httpd24-brotli-1.0.6-7.jbcs.el7.src.rpm
jbcs-httpd24-curl-7.64.1-14.jbcs.el7.src.rpm
jbcs-httpd24-httpd-2.4.37-33.jbcs.el7.src.rpm
jbcs-httpd24-jansson-2.11-20.jbcs.el7.src.rpm
jbcs-httpd24-mod_cluster-native-1.3.12-9.Final_redhat_2.jbcs.el7.src.rpm
jbcs-httpd24-mod_jk-1.2.46-22.redhat_1.jbcs.el7.src.rpm
jbcs-httpd24-mod_security-2.9.2-16.GA.jbcs.el7.src.rpm
jbcs-httpd24-nghttp2-1.39.2-4.jbcs.el7.src.rpm
jbcs-httpd24-openssl-1.1.1-25.jbcs.el7.src.rpm

noarch:
jbcs-httpd24-httpd-manual-2.4.37-33.jbcs.el7.noarch.rpm

ppc64:
jbcs-httpd24-brotli-1.0.6-7.jbcs.el7.ppc64.rpm
jbcs-httpd24-brotli-debuginfo-1.0.6-7.jbcs.el7.ppc64.rpm
jbcs-httpd24-brotli-devel-1.0.6-7.jbcs.el7.ppc64.rpm
jbcs-httpd24-curl-7.64.1-14.jbcs.el7.ppc64.rpm
jbcs-httpd24-curl-debuginfo-7.64.1-14.jbcs.el7.ppc64.rpm
jbcs-httpd24-httpd-debuginfo-2.4.37-33.jbcs.el7.ppc64.rpm
jbcs-httpd24-jansson-2.11-20.jbcs.el7.ppc64.rpm
jbcs-httpd24-jansson-debuginfo-2.11-20.jbcs.el7.ppc64.rpm
jbcs-httpd24-jansson-devel-2.11-20.jbcs.el7.ppc64.rpm
jbcs-httpd24-libcurl-7.64.1-14.jbcs.el7.ppc64.rpm
jbcs-httpd24-libcurl-devel-7.64.1-14.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_md-2.4.37-33.jbcs.el7.ppc64.rpm

x86_64:
jbcs-httpd24-apr-1.6.3-63.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-debuginfo-1.6.3-63.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-devel-1.6.3-63.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-1.6.1-48.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-debuginfo-1.6.1-48.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-devel-1.6.1-48.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-ldap-1.6.1-48.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-mysql-1.6.1-48.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-nss-1.6.1-48.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-odbc-1.6.1-48.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-openssl-1.6.1-48.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-pgsql-1.6.1-48.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-sqlite-1.6.1-48.jbcs.el7.x86_64.rpm
jbcs-httpd24-brotli-1.0.6-7.jbcs.el7.x86_64.rpm
jbcs-httpd24-brotli-debuginfo-1.0.6-7.jbcs.el7.x86_64.rpm
jbcs-httpd24-brotli-devel-1.0.6-7.jbcs.el7.x86_64.rpm
jbcs-httpd24-curl-7.64.1-14.jbcs.el7.x86_64.rpm
jbcs-httpd24-curl-debuginfo-7.64.1-14.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-2.4.37-33.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-debuginfo-2.4.37-33.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-devel-2.4.37-33.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-selinux-2.4.37-33.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-tools-2.4.37-33.jbcs.el7.x86_64.rpm
jbcs-httpd24-jansson-2.11-20.jbcs.el7.x86_64.rpm
jbcs-httpd24-jansson-debuginfo-2.11-20.jbcs.el7.x86_64.rpm
jbcs-httpd24-jansson-devel-2.11-20.jbcs.el7.x86_64.rpm
jbcs-httpd24-libcurl-7.64.1-14.jbcs.el7.x86_64.rpm
jbcs-httpd24-libcurl-devel-7.64.1-14.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_cluster-native-1.3.12-9.Final_redhat_2.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_cluster-native-debuginfo-1.3.12-9.Final_redhat_2.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_jk-ap24-1.2.46-22.redhat_1.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_jk-debuginfo-1.2.46-22.redhat_1.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_jk-manual-1.2.46-22.redhat_1.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_ldap-2.4.37-33.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_md-2.4.37-33.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_proxy_html-2.4.37-33.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_security-2.9.2-16.GA.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_security-debuginfo-2.9.2-16.GA.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_session-2.4.37-33.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_ssl-2.4.37-33.jbcs.el7.x86_64.rpm
jbcs-httpd24-nghttp2-1.39.2-4.jbcs.el7.x86_64.rpm
jbcs-httpd24-nghttp2-debuginfo-1.39.2-4.jbcs.el7.x86_64.rpm
jbcs-httpd24-nghttp2-devel-1.39.2-4.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-1.1.1-25.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-debuginfo-1.1.1-25.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-devel-1.1.1-25.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-libs-1.1.1-25.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-perl-1.1.1-25.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-static-1.1.1-25.jbcs.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-0734
https://access.redhat.com/security/cve/CVE-2018-0737
https://access.redhat.com/security/cve/CVE-2018-5407
https://access.redhat.com/security/cve/CVE-2018-17189
https://access.redhat.com/security/cve/CVE-2018-17199
https://access.redhat.com/security/cve/CVE-2019-0196
https://access.redhat.com/security/cve/CVE-2019-0197
https://access.redhat.com/security/cve/CVE-2019-0217
https://access.redhat.com/security/cve/CVE-2019-9511
https://access.redhat.com/security/cve/CVE-2019-9513
https://access.redhat.com/security/cve/CVE-2019-9516
https://access.redhat.com/security/cve/CVE-2019-9517
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
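The Solution section of RHSA-2019:3933 requires that every service linked to the OpenSSL library be restarted after the update. The following added example (not part of the advisory or of Red Hat tooling) lists processes that still map the replaced library by reading /proc; the function names, sample paths and PIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes still running a
# pre-update OpenSSL. When an RPM update replaces libssl/libcrypto on disk, a
# running process keeps the old file mapped and the kernel tags that mapping
# "(deleted)" in /proc/PID/maps until the process is restarted.

# stale_openssl_procs [PROC_ROOT]
# Prints "PID COMM" for each process under PROC_ROOT (default /proc) that maps
# a deleted libssl or libcrypto shared object, sorted by PID.
stale_openssl_procs() {
    _root="${1:-/proc}"
    for _dir in "$_root"/[0-9]*; do
        [ -r "$_dir/maps" ] || continue   # unreadable, or process already gone
        if grep -Eq '/lib(ssl|crypto)[^/]*\.so[^/]* \(deleted\)$' "$_dir/maps" 2>/dev/null; then
            _comm='?'
            if [ -r "$_dir/comm" ]; then read -r _comm < "$_dir/comm" || :; fi
            printf '%s %s\n' "${_dir##*/}" "$_comm"
        fi
    done | sort -n
}

# make_sample_proc DIR
# Builds a constructed /proc-like tree for offline testing. Paths, PIDs and
# process names are invented sample data, not taken from a real host.
make_sample_proc() {
    mkdir -p "$1/101" "$1/202" "$1/303" "$1/404"
    echo httpd > "$1/101/comm"     # still maps the replaced libssl
    echo '7f10a0000000-7f10a005c000 r-xp 00000000 fd:01 131 /opt/example/lib64/libssl.so.1.1 (deleted)' > "$1/101/maps"
    echo sshd > "$1/202/comm"      # already restarted: maps the new file
    echo '7f20a0000000-7f20a005c000 r-xp 00000000 fd:01 977 /opt/example/lib64/libssl.so.1.1' > "$1/202/maps"
    echo worker > "$1/303/comm"    # still maps the replaced libcrypto
    echo '7f30a0000000-7f30a02a1000 r-xp 00000000 fd:01 132 /opt/example/lib64/libcrypto.so.1.1 (deleted)' > "$1/303/maps"
    echo cron > "$1/404/comm"      # deleted mapping, but not OpenSSL
    echo '7f40a0000000-7f40a0010000 r-xp 00000000 fd:01 555 /opt/example/lib64/libz.so.1 (deleted)' > "$1/404/maps"
}

# Stand-alone use: scan the live system, or a directory given as $1.
stale_openssl_procs "${1:-/proc}"
```

Run it as root so that the maps files of every process are readable; an empty result after the restarts means no process is left on the old library.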