ALSA-2023:0852

[ALSA-2023:0852] Moderate: httpd:2.4 security and bug fix update

Type:

security

Severity:

moderate

Release date:

2023-02-21

Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)
* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)
* httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* httpd-init fails to create localhost.crt, localhost.key due to "sscg" default now creates a /dhparams.pem and is not idempotent if the file /dhparams.pem already exists. (BZ#2165967)

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	mod_ldap-2.4.37-51.module_el8.7.0+3405+9516b832.1.aarch64.rpm	0287cf7a6e0630997c07b0f33bc9a937e524b225363d1111eac5365f5688f6db
aarch64	httpd-2.4.37-51.module_el8.7.0+3405+9516b832.1.aarch64.rpm	0298297d9d79cac55fd4f1d799edeb7e56d0941dbf5ca75d8b590e04f68a6554
aarch64	mod_ssl-2.4.37-51.module_el8.7.0+3405+9516b832.1.aarch64.rpm	237aea90afffc86dbf308ea77e06fa34264a409f1dc491fbc3ddb936ff3a97c1
aarch64	mod_session-2.4.37-51.module_el8.7.0+3405+9516b832.1.aarch64.rpm	248019012e3670106b2cf7223f22095b4d646cd211a8c7cb5407866d537d02b7
aarch64	mod_md-2.0.8-8.module_el8.6.0+2872+fe0ff7aa.aarch64.rpm	2678c086cc5a3b9b6f20f73891c8d84235646307efa87d482c5f95d828da9f4e
aarch64	mod_proxy_html-2.4.37-51.module_el8.7.0+3405+9516b832.1.aarch64.rpm	520fabbb44d6715ec7219bf7ebb481874b4933198f75f0ba1b07abb72ac12e3b
aarch64	mod_http2-1.15.7-5.module_el8.6.0+2872+fe0ff7aa.aarch64.rpm	63435b6c076025b9b839f99a57bc34d2ea16518c68539c7dda3a94ee36f8d584
aarch64	httpd-tools-2.4.37-51.module_el8.7.0+3405+9516b832.1.aarch64.rpm	8ce2a630b53b3a6e783c6abaf4b1a53b1231748e1dbbb14a87ec02263483128a
aarch64	httpd-devel-2.4.37-51.module_el8.7.0+3405+9516b832.1.aarch64.rpm	e93c8a112124e4b6a02864f8867afdf8abeb61652a7fca41f87b77292778eb08
noarch	httpd-filesystem-2.4.37-51.module_el8.7.0+3405+9516b832.1.noarch.rpm	292cc1471cc014dcd1ebe5e01ef07b8f9ae2b030acb444cf9fb9ac58f3343eb1
noarch	httpd-manual-2.4.37-51.module_el8.7.0+3405+9516b832.1.noarch.rpm	efad349eb490e612a2d5aa9c30b468f116f2ffb16a0cb0e4641e89637d24ff84
ppc64le	mod_proxy_html-2.4.37-51.module_el8.7.0+3405+9516b832.1.ppc64le.rpm	056ac91c6028cc612b6cc7a4d3e5948cd355de3072c2672c8b9b22735812fbba
ppc64le	mod_md-2.0.8-8.module_el8.6.0+2872+fe0ff7aa.ppc64le.rpm	1a26f7d2af339e6769c26359dbdc9aa33083ab2b7d43c69c006dfafb57b05ac6
ppc64le	mod_ssl-2.4.37-51.module_el8.7.0+3405+9516b832.1.ppc64le.rpm	8ca8ee4aa9d8859a75d876884e605540aedb5160d94c26c559a2225997dbaa46
ppc64le	mod_http2-1.15.7-5.module_el8.6.0+2872+fe0ff7aa.ppc64le.rpm	b2a431688af8d7cad9f5f53672698e7980e9dddddf047f495b12468d04ca1f7b
ppc64le	mod_session-2.4.37-51.module_el8.7.0+3405+9516b832.1.ppc64le.rpm	bbb6c7b737e57e585a4d5606b91cb49d79f588a4560e854ce1aa1a7fa305ce27
ppc64le	httpd-tools-2.4.37-51.module_el8.7.0+3405+9516b832.1.ppc64le.rpm	cc37be342da80372ff8c401eac66961de7b62ac75461aab0f21a468d90ef2fa3
ppc64le	httpd-2.4.37-51.module_el8.7.0+3405+9516b832.1.ppc64le.rpm	d47fa70871aa2944896a9e74edd8808830c1c58bfc0616f5ebc6194443d4c9e0
ppc64le	httpd-devel-2.4.37-51.module_el8.7.0+3405+9516b832.1.ppc64le.rpm	f21ef51e06f4801279a116d65b323e71ed9064badf1c7fd1b1a8ef53f590b602
ppc64le	mod_ldap-2.4.37-51.module_el8.7.0+3405+9516b832.1.ppc64le.rpm	fbda3ca23a3876fd2b6d6891083247f076dc0228137ae4aca3c16435f2b5f908
s390x	mod_ldap-2.4.37-51.module_el8.7.0+3405+9516b832.1.s390x.rpm	16d740c02fe442ec86cf325417396a1c9c442fed795190d2b1e21249bfdaab4d
s390x	mod_proxy_html-2.4.37-51.module_el8.7.0+3405+9516b832.1.s390x.rpm	6456c6857b95a9271032f32f347af7acc83be0a80aad50e2ca1a11c62e08a0c6
s390x	httpd-tools-2.4.37-51.module_el8.7.0+3405+9516b832.1.s390x.rpm	70967e6b394c03ac6bb828aa34a0979b37bb658818ae188378b1b04ed4227c1b
s390x	httpd-2.4.37-51.module_el8.7.0+3405+9516b832.1.s390x.rpm	749272ba532faf0d2c7d5641caffef4c0e7a17f770f6c6b62ba49699df2b14fe
s390x	httpd-devel-2.4.37-51.module_el8.7.0+3405+9516b832.1.s390x.rpm	963b01b5af79588e77dd3f1281330c93186bb893a4cd14b2fad95edd1edd62e3
s390x	mod_ssl-2.4.37-51.module_el8.7.0+3405+9516b832.1.s390x.rpm	bc986ae4e7e0eb65e3bcd7e039c564346c722c8e89bf3b5364bb4ee197352771
s390x	mod_md-2.0.8-8.module_el8.6.0+3031+fb177b09.s390x.rpm	e47754aea99df8718074dd3d1df288b448b0af9d0ba4f0f8c6a3b5c8a164a1a7
s390x	mod_http2-1.15.7-5.module_el8.6.0+3031+fb177b09.s390x.rpm	e8187fd68cc4d43ebb70e094da2d353e580a7da3f03882c5c03f6dce81d7fac5
s390x	mod_session-2.4.37-51.module_el8.7.0+3405+9516b832.1.s390x.rpm	fb346e52059412a68a9713409401da708571931999a36effe759291cb0e60df5
x86_64	mod_session-2.4.37-51.module_el8.7.0+3405+9516b832.1.x86_64.rpm	214ec046d3922384d812064b9e509994a37cf96aaf5ce08f55023cefbce6aaae
x86_64	mod_ldap-2.4.37-51.module_el8.7.0+3405+9516b832.1.x86_64.rpm	2c57129e9f52b662a25f18f009f02f9ea3798703b2741923ca94cda5c9b835ae
x86_64	httpd-devel-2.4.37-51.module_el8.7.0+3405+9516b832.1.x86_64.rpm	31d2e693b38c9607e4d8982ba723f4371509121037a4850df7134c6f267edf72
x86_64	mod_md-2.0.8-8.module_el8.6.0+2872+fe0ff7aa.x86_64.rpm	3b1e101e6a9192ff94ee4d007aff494cf5631948586568da7a1c6ac1255c8a68
x86_64	mod_http2-1.15.7-5.module_el8.6.0+2872+fe0ff7aa.x86_64.rpm	4aafccf495178ac87983ae2a7616ed7f6df75856120b618d741a80e7bcb4609a
x86_64	mod_ssl-2.4.37-51.module_el8.7.0+3405+9516b832.1.x86_64.rpm	a321bbac8c0527a5bd67135f91a00d2b4b7dbf363c8010413fe90de73eb707ba
x86_64	mod_proxy_html-2.4.37-51.module_el8.7.0+3405+9516b832.1.x86_64.rpm	a48b6f8c713f9089082f7fa901ec1bf4644e5b86692e6806ebac39fc47bb10f0
x86_64	httpd-2.4.37-51.module_el8.7.0+3405+9516b832.1.x86_64.rpm	a631ef97dd8f346a50398f213bd723ddbe4148d9dacaffee443157360578bd94
x86_64	httpd-tools-2.4.37-51.module_el8.7.0+3405+9516b832.1.x86_64.rpm	ced7fab45d50bd5102f2d2a750237853e39d15a0537ca50ae35c14be23e890d1

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.