[ALSA-2020:4751] Moderate: httpd:2.4 security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2020-11-03
Description:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: mod_http2 (1.15.7). (BZ#1814236) Security Fix(es): * httpd: memory corruption on early pushes (CVE-2019-10081) * httpd: read-after-free in h2 connection shutdown (CVE-2019-10082) * httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097) * httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927) * httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196) * httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197) * httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092) * httpd: mod_rewrite potential open redirect (CVE-2019-10098) * httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages:
  • httpd-2.4.37-30.module_el8.3.0+2016+8bf57d29.alma.x86_64.rpm
  • httpd-devel-2.4.37-30.module_el8.3.0+2016+8bf57d29.alma.x86_64.rpm
  • httpd-filesystem-2.4.37-30.module_el8.3.0+2016+8bf57d29.alma.noarch.rpm
  • httpd-manual-2.4.37-30.module_el8.3.0+2016+8bf57d29.alma.noarch.rpm
  • httpd-tools-2.4.37-30.module_el8.3.0+2016+8bf57d29.alma.x86_64.rpm
  • mod_http2-1.15.7-2.module_el8.3.0+2016+8bf57d29.x86_64.rpm
  • mod_ldap-2.4.37-30.module_el8.3.0+2016+8bf57d29.alma.x86_64.rpm
  • mod_md-2.0.8-8.module_el8.3.0+2016+8bf57d29.x86_64.rpm
  • mod_proxy_html-2.4.37-30.module_el8.3.0+2016+8bf57d29.alma.x86_64.rpm
  • mod_session-2.4.37-30.module_el8.3.0+2016+8bf57d29.alma.x86_64.rpm
  • mod_ssl-2.4.37-30.module_el8.3.0+2016+8bf57d29.alma.x86_64.rpm
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.