ALSA-2022:7647

[ALSA-2022:7647] Moderate: httpd:2.4 security update

Type:

security

Severity:

moderate

Release date:

2022-11-11

Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)
* httpd: mod_lua: Use of uninitialized value of in r:parsebody (CVE-2022-22719)
* httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)
* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
* httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)
* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)
* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
* httpd: Out-of-bounds read via ap_rwrite() (CVE-2022-28614)
* httpd: Out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)
* httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	mod_ldap-2.4.37-51.module_el8.7.0+3281+01e58653.aarch64.rpm	166f503b3d0eb4db4f9351622f55b5acab637f7e615f9368bbd2beeadf71f1e5
aarch64	httpd-devel-2.4.37-51.module_el8.7.0+3281+01e58653.aarch64.rpm	2268dd2a781cff4cc54fef34baa2e163983e67ec853844f84aa45c46d7d82593
aarch64	mod_md-2.0.8-8.module_el8.6.0+2872+fe0ff7aa.aarch64.rpm	2678c086cc5a3b9b6f20f73891c8d84235646307efa87d482c5f95d828da9f4e
aarch64	mod_ssl-2.4.37-51.module_el8.7.0+3281+01e58653.aarch64.rpm	2f86c64aebb8bbc9255c7864f36e1a81195cde37bce308991d7629b2773f9cbc
aarch64	httpd-2.4.37-51.module_el8.7.0+3281+01e58653.aarch64.rpm	5d49fff4aeaebe34ad37853f0a121d06318e1b6363c57fda4084aeecc4ae3cc7
aarch64	mod_http2-1.15.7-5.module_el8.6.0+2872+fe0ff7aa.aarch64.rpm	63435b6c076025b9b839f99a57bc34d2ea16518c68539c7dda3a94ee36f8d584
aarch64	httpd-tools-2.4.37-51.module_el8.7.0+3281+01e58653.aarch64.rpm	aa9d3433f4c19d9e02e6f6833cbbb40ddc1c83cfe422bce1c4d563787afe54b9
aarch64	mod_session-2.4.37-51.module_el8.7.0+3281+01e58653.aarch64.rpm	dac51b8fa2b414046d671354e7639c2f4b7cf5dcec5f861ab5d5152cf94e9213
aarch64	mod_proxy_html-2.4.37-51.module_el8.7.0+3281+01e58653.aarch64.rpm	f6813e36e428b8931218c29c25c68f19142fea727167938758b6395e4dd6cfc5
noarch	httpd-manual-2.4.37-51.module_el8.7.0+3281+01e58653.noarch.rpm	0cd97552465075dfd022c0bd6d4ac969d921055fbd543d30f5ed6c2f43378584
noarch	httpd-filesystem-2.4.37-51.module_el8.7.0+3281+01e58653.noarch.rpm	da54bbf61cbf677cc198efb89651ab45c00796962dd6d3c1902ca2b08545f758
ppc64le	mod_ldap-2.4.37-51.module_el8.7.0+3281+01e58653.ppc64le.rpm	04da1fc0e28a363acbb4838e5e4356dfcf464cc0f73686f2c3db98161f193459
ppc64le	mod_ssl-2.4.37-51.module_el8.7.0+3281+01e58653.ppc64le.rpm	1105bb5b2bebe2f18e900175eb6074b1131215a059ba9edaeea59f063cbea347
ppc64le	mod_md-2.0.8-8.module_el8.6.0+2872+fe0ff7aa.ppc64le.rpm	1a26f7d2af339e6769c26359dbdc9aa33083ab2b7d43c69c006dfafb57b05ac6
ppc64le	httpd-devel-2.4.37-51.module_el8.7.0+3281+01e58653.ppc64le.rpm	2e340a36213185819f363c5a86ec65a21a1209bffadce54c118aef59ecc07a18
ppc64le	mod_http2-1.15.7-5.module_el8.6.0+2872+fe0ff7aa.ppc64le.rpm	b2a431688af8d7cad9f5f53672698e7980e9dddddf047f495b12468d04ca1f7b
ppc64le	httpd-tools-2.4.37-51.module_el8.7.0+3281+01e58653.ppc64le.rpm	b71c48fd4fa2e0cb82220a7769872db053c4f86c51c74453732e9fb14081e77d
ppc64le	mod_proxy_html-2.4.37-51.module_el8.7.0+3281+01e58653.ppc64le.rpm	c3eb33aa176567b1da073220563994a588fe5634c46502f81e818c302b5e645e
ppc64le	mod_session-2.4.37-51.module_el8.7.0+3281+01e58653.ppc64le.rpm	cb4d352c4e0bfec8187e02dbb32f767033d3839d6a31dcd316afd8dd9833d0da
ppc64le	httpd-2.4.37-51.module_el8.7.0+3281+01e58653.ppc64le.rpm	d4184b9eb06e1fbeefd02a3e9691d99595d0d4e579f5d3e57d63de68462377de
s390x	mod_proxy_html-2.4.37-51.module_el8.7.0+3281+01e58653.s390x.rpm	03ebd7d41b7ea4e96a0c180939f37200b981a06dffa46ead348beb55f6a1e6dc
s390x	httpd-2.4.37-51.module_el8.7.0+3281+01e58653.s390x.rpm	764246738095a92f65016f9c306a454bcc2a63580ebb569bab946e32e2d83d37
s390x	mod_ldap-2.4.37-51.module_el8.7.0+3281+01e58653.s390x.rpm	84766343e7ad27252a98be834a0cfb8472725bf754155e763f4265b1498261a1
s390x	httpd-devel-2.4.37-51.module_el8.7.0+3281+01e58653.s390x.rpm	b424a8cbd8b5a2ff49e599f1fd0042674dcb317aa82c3402386733a858d07952
s390x	httpd-tools-2.4.37-51.module_el8.7.0+3281+01e58653.s390x.rpm	beddede9851f1e0dc48770865ea4a65ee422aa6dde2fb7c31858feeded672010
s390x	mod_ssl-2.4.37-51.module_el8.7.0+3281+01e58653.s390x.rpm	ccc4846034f2867326cf8a4a0ea3436c1874a9bfea329dd85ba423e1b3fe7391
s390x	mod_session-2.4.37-51.module_el8.7.0+3281+01e58653.s390x.rpm	cda5bfedcd8ecbd6fa74f5d5b3a2c5f1b54a2af4bc928e59b5d20f1b2ab3362c
s390x	mod_md-2.0.8-8.module_el8.6.0+3031+fb177b09.s390x.rpm	e47754aea99df8718074dd3d1df288b448b0af9d0ba4f0f8c6a3b5c8a164a1a7
s390x	mod_http2-1.15.7-5.module_el8.6.0+3031+fb177b09.s390x.rpm	e8187fd68cc4d43ebb70e094da2d353e580a7da3f03882c5c03f6dce81d7fac5
x86_64	mod_md-2.0.8-8.module_el8.6.0+2872+fe0ff7aa.x86_64.rpm	3b1e101e6a9192ff94ee4d007aff494cf5631948586568da7a1c6ac1255c8a68
x86_64	mod_http2-1.15.7-5.module_el8.6.0+2872+fe0ff7aa.x86_64.rpm	4aafccf495178ac87983ae2a7616ed7f6df75856120b618d741a80e7bcb4609a
x86_64	mod_ssl-2.4.37-51.module_el8.7.0+3281+01e58653.x86_64.rpm	6b8f617d8b75682ef85d87b1f7b0b8d02e145fd71172abd34fab410da9fa5e41
x86_64	mod_proxy_html-2.4.37-51.module_el8.7.0+3281+01e58653.x86_64.rpm	769c062c8e95345fe92c3b1e98f71fbb30d350dfaefbeb23303d05787480c75f
x86_64	httpd-tools-2.4.37-51.module_el8.7.0+3281+01e58653.x86_64.rpm	98fd4275cc4f8704eb1cf2ffe9e1e10a3dd761f31414fbd36c011dc6e0dbb754
x86_64	mod_session-2.4.37-51.module_el8.7.0+3281+01e58653.x86_64.rpm	bc1d3f44fa0930263e27aac69485d9f08f3c1c74307d28acc1ec8c37ad06f5f0
x86_64	mod_ldap-2.4.37-51.module_el8.7.0+3281+01e58653.x86_64.rpm	d59bd9a69d5407d22c01fa676bfcd9204e1c4aabeaae2994635b8ededffdc363
x86_64	httpd-devel-2.4.37-51.module_el8.7.0+3281+01e58653.x86_64.rpm	dbb96411da7f89c01f58ce16533b7a9c4de9f810c84bdcdc774bc55453ced0d4
x86_64	httpd-2.4.37-51.module_el8.7.0+3281+01e58653.x86_64.rpm	ec07eab424b39aeb12aa1980a62ac711dfeb99827c51a40f1547d345528fff61

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.