[ALSA-2020:4751] Moderate: httpd:2.4 security, bug fix, and enhancement update
Release date:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: mod_http2 (1.15.7). (BZ#1814236) Security Fix(es): * httpd: memory corruption on early pushes (CVE-2019-10081) * httpd: read-after-free in h2 connection shutdown (CVE-2019-10082) * httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097) * httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927) * httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196) * httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197) * httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092) * httpd: mod_rewrite potential open redirect (CVE-2019-10098) * httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 mod_md-2.0.8-8.module_el8.6.0+2872+fe0ff7aa.aarch64.rpm 2678c086cc5a3b9b6f20f73891c8d84235646307efa87d482c5f95d828da9f4e
ppc64le mod_md-2.0.8-8.module_el8.6.0+2872+fe0ff7aa.ppc64le.rpm 1a26f7d2af339e6769c26359dbdc9aa33083ab2b7d43c69c006dfafb57b05ac6
x86_64 mod_md-2.0.8-8.module_el8.5.0+2609+b30d9eec.x86_64.rpm 07eaab23220a00e74367efca529b32f0458f1d030c59858da40eed8ed9fe9ce9
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.