Oracle alert ELSA-2024-4720 (httpd:2.4)
| From: | Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com> | |
| To: | el-errata@oss.oracle.com | |
| Subject: | [El-errata] ELSA-2024-4720 Important: Oracle Linux 8 httpd:2.4 security update | |
| Date: | Thu, 25 Jul 2024 09:17:53 -0700 | |
| Message-ID: | <mailman.328.1721924284.5126.el-errata@oss.oracle.com> |
Oracle Linux Security Advisory ELSA-2024-4720 http://linux.oracle.com/errata/ELSA-2024-4720.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: httpd-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm httpd-devel-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.noarch.rpm httpd-manual-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.noarch.rpm httpd-tools-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.x86_64.rpm mod_ldap-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.x86_64.rpm mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm mod_session-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm mod_ssl-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.x86_64.rpm aarch64: httpd-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm httpd-devel-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.noarch.rpm httpd-manual-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.noarch.rpm httpd-tools-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm mod_http2-1.15.7-10.module+el8.10.0+90327+96b8ea28.aarch64.rpm mod_ldap-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.aarch64.rpm mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm mod_session-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm mod_ssl-2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//httpd-2.4.37-65.... http://oss.oracle.com/ol8/SRPMS-updates//mod_http2-1.15.7... http://oss.oracle.com/ol8/SRPMS-updates//mod_md-2.0.8-8.m... Related CVEs: CVE-2024-38473 CVE-2024-38474 CVE-2024-38475 CVE-2024-38477 CVE-2024-39573 Description of changes: httpd [2.4.37-65.0.1.1] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-65.1] - Resolves: RHEL-45812 - httpd:2.4/httpd: Substitution encoding issue in mod_rewrite (CVE-2024-38474) - Resolves: RHEL-45785 - httpd:2.4/httpd: Encoding problem in mod_proxy (CVE-2024-38473) - Resolves: RHEL-45777 - httpd:2.4/httpd: Improper escaping of output in mod_rewrite (CVE-2024-38475) - Resolves: RHEL-45758 - httpd:2.4/httpd: null pointer dereference in mod_proxy (CVE-2024-38477) - Resolves: RHEL-45743 - httpd:2.4/httpd: Potential SSRF in mod_rewrite (CVE-2024-39573) mod_http2 mod_md _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata