ALSA-2022:1915

[ALSA-2022:1915] Moderate: httpd:2.4 security and bug fix update

Type:

security

Severity:

moderate

Release date:

2022-05-10

Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)

* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)

* httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)

* httpd: Single zero byte stack overflow in mod_auth_digest (CVE-2020-35452)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	mod_md-2.0.8-8.module_el8.6.0+2872+fe0ff7aa.aarch64.rpm	2678c086cc5a3b9b6f20f73891c8d84235646307efa87d482c5f95d828da9f4e
aarch64	mod_ldap-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma.aarch64.rpm	2aa85d61a5ce39829a01b46a565bbbe306719f3242dbe1d952e31aefc5651caa
aarch64	mod_http2-1.15.7-5.module_el8.6.0+2872+fe0ff7aa.aarch64.rpm	63435b6c076025b9b839f99a57bc34d2ea16518c68539c7dda3a94ee36f8d584
aarch64	mod_session-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma.aarch64.rpm	6632180c9e2c4a3cbf83214ef8af68ae62c3cd57d0a707b6d4f2f5ffd0b2f72f
aarch64	mod_proxy_html-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma.aarch64.rpm	c1b142b22599c76a75aef6ce1a6d5568f85fb39769352f98695debfc7a44399c
aarch64	mod_ssl-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma.aarch64.rpm	d06c141ae559a443df2e02aa0e861f36ac87b82fa95f894d07b764053da9ddc5
aarch64	httpd-tools-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma.aarch64.rpm	edaad2e97c91de93a318272ebd856499ec2c36475310a64e09351e14ce417087
aarch64	httpd-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma.aarch64.rpm	ee155d35516535560d469a895bc6ca9c74382509422ee563df8e4c2d059d85a5
aarch64	httpd-devel-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma.aarch64.rpm	fe0025c8043d5ea52f757d61c87d43a626fe69ef25a98ba709608d40a0c80411
noarch	httpd-filesystem-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma.noarch.rpm	2a416c05a3158a668bd70c86801c177e3764503da9db427d245864a1ee28cd6d
noarch	httpd-filesystem-2.4.37-47.module_el8.6.0+2935+fb177b09.2.noarch.rpm	4b74eee9498382c832d69438376cb9904179b6b76e695013ffecdc8b3608face
noarch	httpd-manual-2.4.37-47.module_el8.6.0+2935+fb177b09.2.noarch.rpm	541f8dedd45af271c637309f471c252dd40499f0a5c94b7ddc48b178e2a7d1cb
noarch	httpd-manual-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma.noarch.rpm	59914fc5e25eb65a88c22209cf3c5a0af071e8b6799a2a651198e737fe15cc46
ppc64le	mod_md-2.0.8-8.module_el8.6.0+2872+fe0ff7aa.ppc64le.rpm	1a26f7d2af339e6769c26359dbdc9aa33083ab2b7d43c69c006dfafb57b05ac6
ppc64le	mod_ldap-2.4.37-47.module_el8.6.0+2935+fb177b09.2.ppc64le.rpm	2a207df45b3130a031c15cbae9bf3a633e67e2ca377d39121c32659751080730
ppc64le	httpd-2.4.37-47.module_el8.6.0+2935+fb177b09.2.ppc64le.rpm	8032f8f8d45ae5473e3031a24a55435df35bb2a292fa7d070df3e7a85f1da434
ppc64le	mod_ssl-2.4.37-47.module_el8.6.0+2935+fb177b09.2.ppc64le.rpm	a1f1159085651501db63ca17a7269dd8c6facf4df3a5e450aaf2edab2dbb286b
ppc64le	httpd-tools-2.4.37-47.module_el8.6.0+2935+fb177b09.2.ppc64le.rpm	b0206ce54c66448e2614e239cddfcc60feee8e0175a91be5ba6191fc037af6d3
ppc64le	mod_http2-1.15.7-5.module_el8.6.0+2872+fe0ff7aa.ppc64le.rpm	b2a431688af8d7cad9f5f53672698e7980e9dddddf047f495b12468d04ca1f7b
ppc64le	httpd-devel-2.4.37-47.module_el8.6.0+2935+fb177b09.2.ppc64le.rpm	e76bb0955cc0d24ff40e921c95fb92e495d9f7c6caa0f04a8e01ff528bd1900d
ppc64le	mod_session-2.4.37-47.module_el8.6.0+2935+fb177b09.2.ppc64le.rpm	e82d800e548b80fd1f03f89850bd7048aa7c641f70c23df49daee383bfc1526a
ppc64le	mod_proxy_html-2.4.37-47.module_el8.6.0+2935+fb177b09.2.ppc64le.rpm	f86047cc57fc7617430f18d051408a91d66c07535bf2a32a16413d66b68871c1
x86_64	mod_proxy_html-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma.x86_64.rpm	25d91b883783e172fb17f34e41e5d9a8d00d1fe08cdae067dccedd9e93548cba
x86_64	mod_md-2.0.8-8.module_el8.6.0+2872+fe0ff7aa.x86_64.rpm	3b1e101e6a9192ff94ee4d007aff494cf5631948586568da7a1c6ac1255c8a68
x86_64	mod_http2-1.15.7-5.module_el8.6.0+2872+fe0ff7aa.x86_64.rpm	4aafccf495178ac87983ae2a7616ed7f6df75856120b618d741a80e7bcb4609a
x86_64	httpd-devel-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma.x86_64.rpm	77e55d95e14d8c33ddd9c8c8e598e7c60703f0bc838aaaa63bba054addae8f7b
x86_64	mod_ssl-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma.x86_64.rpm	8fc6854261703915d7ccd4618e275d297a0a0c7a15cb7c5f8fe8f7c8a9f004c0
x86_64	mod_ldap-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma.x86_64.rpm	985529c7b0513c555121439d8f19710361d9f256302efca29427f0c7b915fe51
x86_64	httpd-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma.x86_64.rpm	a860ac692a7ab82e77eb8afbdccdd336e2e125c4865347daf63561bb4c749420
x86_64	mod_session-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma.x86_64.rpm	b8267f2b3bc762f3fb38124b7e17f41931ac27fca2df6659a5c05b7e2bfdfe34
x86_64	httpd-tools-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma.x86_64.rpm	d423eb1a5929c743e75d3e722b7fe4edccca4c6c4c15b771e8541a3423b7ffcf

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.