ALSA-2024:3121

[ALSA-2024:3121] Moderate: httpd:2.4 security update

Type:

security

Severity:

moderate

Release date:

2024-05-29

Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122)
* mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487) (CVE-2023-45802)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	mod_ssl-2.4.37-64.module_el8.10.0+3761+75f8c656.aarch64.rpm	2195c06af8a277d6ee53dbbb88f2cc5ae89e4c7f0b4844b8751492ce0fed192f
aarch64	mod_md-2.0.8-8.module_el8.6.0+2872+fe0ff7aa.aarch64.rpm	2678c086cc5a3b9b6f20f73891c8d84235646307efa87d482c5f95d828da9f4e
aarch64	mod_session-2.4.37-64.module_el8.10.0+3761+75f8c656.aarch64.rpm	334373445979657a0ca324dc03e4fc037030c2a4eda5a10f59b32ee08f3538ea
aarch64	mod_http2-1.15.7-10.module_el8.10.0+3832+564e7653.aarch64.rpm	58c15dd6cf71b1c18bea3c37084094510e48f9e16976c8436b82bc094cccaabf
aarch64	httpd-devel-2.4.37-64.module_el8.10.0+3761+75f8c656.aarch64.rpm	6070f319fe68ff1e7c7f28f056960723369e8127102f91af2670a1e15f41817d
aarch64	httpd-tools-2.4.37-64.module_el8.10.0+3761+75f8c656.aarch64.rpm	92ad59a72159a68c44af0f630023825af10fb5025019b34b1bf9993f00c0064c
aarch64	httpd-2.4.37-64.module_el8.10.0+3761+75f8c656.aarch64.rpm	98361400835bc72476ae11e8f87c1aa0db9b332781dcb66a9e5ca10a601b65a7
aarch64	mod_proxy_html-2.4.37-64.module_el8.10.0+3761+75f8c656.aarch64.rpm	c1d119894797b005c5c66aafeaae222776147241b6d81c63f772f82af1577228
aarch64	mod_ldap-2.4.37-64.module_el8.10.0+3761+75f8c656.aarch64.rpm	f7616b97292d78a55811edd7680a1be7967b7f2f5afefaf9dee317dbd146fc51
noarch	httpd-filesystem-2.4.37-64.module_el8.10.0+3761+75f8c656.noarch.rpm	b0c3ff0f7906817e243b3008c64ed6f5d4388f9ff9daacb2511d87994c944d33
noarch	httpd-manual-2.4.37-64.module_el8.10.0+3761+75f8c656.noarch.rpm	f59ec43d97be8214e27a5ea63a3d850ae7fabe40962b6fab3b81e444e22a6bba
ppc64le	mod_md-2.0.8-8.module_el8.6.0+2872+fe0ff7aa.ppc64le.rpm	1a26f7d2af339e6769c26359dbdc9aa33083ab2b7d43c69c006dfafb57b05ac6
ppc64le	mod_session-2.4.37-64.module_el8.10.0+3761+75f8c656.ppc64le.rpm	310de3d8d9ecc5b936ad8c23a1a244948d9ef9f668ed08e94ff9168de15d11e4
ppc64le	httpd-2.4.37-64.module_el8.10.0+3761+75f8c656.ppc64le.rpm	6edec26f2b144dac3ee1d983da94b3360edefe264de6fdd8721123aa3177d9ad
ppc64le	mod_proxy_html-2.4.37-64.module_el8.10.0+3761+75f8c656.ppc64le.rpm	ae7aa49a4d17fab3c57304f03fce4ffcfb7e0424eeb7167691794f0f5ad0e480
ppc64le	mod_ldap-2.4.37-64.module_el8.10.0+3761+75f8c656.ppc64le.rpm	b3a504090a1f91a6c74d6a3c5b420810d32bb176e4437032af52a5d4db6751a2
ppc64le	httpd-devel-2.4.37-64.module_el8.10.0+3761+75f8c656.ppc64le.rpm	b97f788f7a154d2e7f50f5a1af0e9646c03dc834d6b6a95a77de896d80b99bb6
ppc64le	mod_ssl-2.4.37-64.module_el8.10.0+3761+75f8c656.ppc64le.rpm	eea2cf239ee4decef20a2b6c91ec78fd06a24a3482832b146888b9313406bb90
ppc64le	mod_http2-1.15.7-10.module_el8.10.0+3832+564e7653.ppc64le.rpm	f9cab54ac70c04b7f15c74b929353de6c72dd0a40545ad914d856a9b5287ddbf
ppc64le	httpd-tools-2.4.37-64.module_el8.10.0+3761+75f8c656.ppc64le.rpm	ffafc0fda3c89d71c0dbbbc3885b75e3f7443d64b9293df8e0b51347ecc9ad70
s390x	mod_ldap-2.4.37-64.module_el8.10.0+3761+75f8c656.s390x.rpm	1d564cfc65960378953c01cef27f13d131c1500a97cdc64b15656db06388d388
s390x	httpd-tools-2.4.37-64.module_el8.10.0+3761+75f8c656.s390x.rpm	40be9227683f65c970b673d1b3ce1983ba3f2e5b9c0f19731fd837f440ad0a75
s390x	mod_session-2.4.37-64.module_el8.10.0+3761+75f8c656.s390x.rpm	85c2727d07e4bec50802d2283127bd38f5fbf972c5b2613273aa4b5407ef2ff0
s390x	httpd-devel-2.4.37-64.module_el8.10.0+3761+75f8c656.s390x.rpm	8738c27293d8ba5b9864ef4fb2d151affad9b9efed4a3d99dfde081dc07e7419
s390x	httpd-2.4.37-64.module_el8.10.0+3761+75f8c656.s390x.rpm	b01265d06fc6e3ef715e12d66d3c94ebf6654c7a0c0a64ffae76491a070a86a0
s390x	mod_http2-1.15.7-10.module_el8.10.0+3832+564e7653.s390x.rpm	ced86530fe3d6ef0042ef1f6483b8f83f8e28834e2495e5368934e8c1ffcf36c
s390x	mod_ssl-2.4.37-64.module_el8.10.0+3761+75f8c656.s390x.rpm	d0ca3409078775d6098806c0664e58248218f7f5fc982beb1a96f0b34de966d5
s390x	mod_md-2.0.8-8.module_el8.6.0+3031+fb177b09.s390x.rpm	e47754aea99df8718074dd3d1df288b448b0af9d0ba4f0f8c6a3b5c8a164a1a7
s390x	mod_proxy_html-2.4.37-64.module_el8.10.0+3761+75f8c656.s390x.rpm	f409428c27058f2abae91d9e937c9fef68ec1a577e18f71013d577a4d2b42462
x86_64	httpd-tools-2.4.37-64.module_el8.10.0+3761+75f8c656.x86_64.rpm	06383423b01160a0d12cea5b73ee45e9ebbfab2482ec1c09910d103da30f6ec6
x86_64	mod_md-2.0.8-8.module_el8.6.0+2872+fe0ff7aa.x86_64.rpm	3b1e101e6a9192ff94ee4d007aff494cf5631948586568da7a1c6ac1255c8a68
x86_64	mod_proxy_html-2.4.37-64.module_el8.10.0+3761+75f8c656.x86_64.rpm	598f6083e752cc0a24e3900c71d91fd7c5775fc6dcc51a83f5ee6a3c3f7d9615
x86_64	httpd-devel-2.4.37-64.module_el8.10.0+3761+75f8c656.x86_64.rpm	73995bc0a0b0f23b08c242f7cca2bd37641d3cde9b4b9c5692398d848aa54c60
x86_64	httpd-2.4.37-64.module_el8.10.0+3761+75f8c656.x86_64.rpm	7be3be1de5f761d3232a7b07ea38a0e7dd103f796a3cdb27a8f812eccd0b3dc3
x86_64	mod_session-2.4.37-64.module_el8.10.0+3761+75f8c656.x86_64.rpm	826c56128c4e098e51e5062da07e5b89fa3126af236421a6efba12b44e8fcf0a
x86_64	mod_http2-1.15.7-10.module_el8.10.0+3832+564e7653.x86_64.rpm	949a2c8d98ce274a29835065ec03cdda91668f206a8c0560ee28e19c8963b6a2
x86_64	mod_ldap-2.4.37-64.module_el8.10.0+3761+75f8c656.x86_64.rpm	bb5e9888fa3ca48ac251e06b27d451e907e22d9daa63737c580b598d8c0678b4
x86_64	mod_ssl-2.4.37-64.module_el8.10.0+3761+75f8c656.x86_64.rpm	d8609a3fb51ff339362d0b4155e918e95437b05afbdbb0394cb17b84d7675800

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.