ALSA-2024:4720

[ALSA-2024:4720] Important: httpd:2.4 security update

Type:

security

Severity:

important

Release date:

2024-07-23

Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: Encoding problem in mod_proxy (CVE-2024-38473)
* httpd: Substitution encoding issue in mod_rewrite (CVE-2024-38474)
* httpd: Improper escaping of output in mod_rewrite (CVE-2024-38475)
* httpd: NULL pointer dereference in mod_proxy (CVE-2024-38477)
* httpd: Potential SSRF in mod_rewrite (CVE-2024-39573)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	httpd-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.aarch64.rpm	030b1774b9683f2494a797016a2b7a99473e12a1ce614c496d61937241007232
aarch64	mod_md-2.0.8-8.module_el8.6.0+2872+fe0ff7aa.aarch64.rpm	2678c086cc5a3b9b6f20f73891c8d84235646307efa87d482c5f95d828da9f4e
aarch64	httpd-tools-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.aarch64.rpm	3496fe90e672c7d710ce2a50138cb240764c001b9e16ec8f1db67cbe1f7fb3c7
aarch64	mod_http2-1.15.7-10.module_el8.10.0+3832+564e7653.aarch64.rpm	58c15dd6cf71b1c18bea3c37084094510e48f9e16976c8436b82bc094cccaabf
aarch64	httpd-devel-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.aarch64.rpm	6add87e24bbe631faecac6fd31564edd569cc1d107ca269b693cac3e265e36c2
aarch64	mod_ssl-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.aarch64.rpm	9199f6db6da2c4327175cf242ecf4af66a0e64636fbee080d392b51aba0ea858
aarch64	mod_session-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.aarch64.rpm	db121d6ec683f4ed167012307526e778e6488c24baf80289fb49a847b707214b
aarch64	mod_proxy_html-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.aarch64.rpm	ebcf549ef89876eb9e8cfb31f41566c6adbaaf8b779ef270e393c9b62671c3a0
aarch64	mod_ldap-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.aarch64.rpm	ff1c2e9b1dcf814969d28c52fb370de2aaf1e119561cb831072b8ee8c315baeb
noarch	httpd-filesystem-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.noarch.rpm	aa2eb2950a186be42f28ae088dcdcd5edb7aa5f1182b1f11f0a20331995d5d02
noarch	httpd-manual-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.noarch.rpm	e4e45cf9200a4e2308e7d851d7749de1157383127af8732507334f5f71f0448c
ppc64le	mod_md-2.0.8-8.module_el8.6.0+2872+fe0ff7aa.ppc64le.rpm	1a26f7d2af339e6769c26359dbdc9aa33083ab2b7d43c69c006dfafb57b05ac6
ppc64le	httpd-tools-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.ppc64le.rpm	3b7858f81a4ff9d444a500c952e50d76cde306b31768131a7875cfa7e06e23f4
ppc64le	httpd-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.ppc64le.rpm	4ecc465072176ae1a9f280e364a82b7796d27349bf6816384163b954b5da2eb5
ppc64le	mod_ldap-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.ppc64le.rpm	6d21328130bf8f5840405b1f1ed621eaf005c0557ce42f39d73ce529a7905168
ppc64le	mod_session-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.ppc64le.rpm	830cc157231241cb5ec7af1a76388a1bb7ee2519666519f7780eec7a0cb07629
ppc64le	mod_proxy_html-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.ppc64le.rpm	eb8cad7a188df9aa441ef70c60453db126c9f0c7c31f1bd6ef7f999e6c602020
ppc64le	mod_ssl-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.ppc64le.rpm	f78325906522c72407c189bab9c4bce8b5c44e5e93c14081a8c184ee75af2635
ppc64le	mod_http2-1.15.7-10.module_el8.10.0+3832+564e7653.ppc64le.rpm	f9cab54ac70c04b7f15c74b929353de6c72dd0a40545ad914d856a9b5287ddbf
ppc64le	httpd-devel-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.ppc64le.rpm	fba51e2516af4b961a4f4a42ea2909fb9813f94dcba6ed6842f9440226279573
s390x	httpd-tools-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.s390x.rpm	18f4e2ed1407e2aabace657fcda17ae49959040377fea431dc53df9e492615c8
s390x	mod_session-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.s390x.rpm	4632fc1e96be9de84fcc26e7ad59f6bd04d703c598cf4af3923fd7275aafa4d8
s390x	mod_ldap-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.s390x.rpm	46637dad500a87ada48cf42e4d22da3b84687410421a29d346d7577e9b8c0d7e
s390x	mod_proxy_html-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.s390x.rpm	617865c0f4111f823f0e0ec681aba073f461410f39230c8dad3498d0389bb2cf
s390x	mod_ssl-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.s390x.rpm	729bb2fc778cb5feaaf98e0b064cdbfe6a9cff6cf99218a054d3d1d488e5dbaf
s390x	httpd-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.s390x.rpm	ca4860f9756221fa484984309c356ec358bc9252e7e73840ecc93baedd06ba7b
s390x	mod_http2-1.15.7-10.module_el8.10.0+3832+564e7653.s390x.rpm	ced86530fe3d6ef0042ef1f6483b8f83f8e28834e2495e5368934e8c1ffcf36c
s390x	httpd-devel-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.s390x.rpm	db3c7cbd392a60c09a8bbbc186566ca0b124b849bb6d8613c75810463a059b65
s390x	mod_md-2.0.8-8.module_el8.6.0+3031+fb177b09.s390x.rpm	e47754aea99df8718074dd3d1df288b448b0af9d0ba4f0f8c6a3b5c8a164a1a7
x86_64	mod_ldap-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.x86_64.rpm	02f02d6d4646d5d0ce0022f8822fb9effe9c770adec715458fd99a1c8fb4c342
x86_64	mod_ssl-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.x86_64.rpm	0464dd825c08d94f567608082b32eb8d2b7449c78db2671b020ed1ff484478c5
x86_64	mod_md-2.0.8-8.module_el8.6.0+2872+fe0ff7aa.x86_64.rpm	3b1e101e6a9192ff94ee4d007aff494cf5631948586568da7a1c6ac1255c8a68
x86_64	httpd-tools-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.x86_64.rpm	6854044eb584f13abffd9ad3a0b12d9e08c1ecbf4b06eaae461b5f24b59b01a8
x86_64	mod_proxy_html-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.x86_64.rpm	6d0c3a4768783903864caee5b10002f2e67f517c5dc67b5c082f3dc4b19d88bd
x86_64	httpd-devel-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.x86_64.rpm	8a5a83246a4051ab4d734fd7de0565b48d2bcca16507e461adacc214ad6a8891
x86_64	mod_http2-1.15.7-10.module_el8.10.0+3832+564e7653.x86_64.rpm	949a2c8d98ce274a29835065ec03cdda91668f206a8c0560ee28e19c8963b6a2
x86_64	mod_session-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.x86_64.rpm	bdcb9ce63e1233dde3890d71ecf2abaa31677f9c6e702957e0de79031d00331a
x86_64	httpd-2.4.37-65.module_el8.10.0+3872+9b8ab21e.1.x86_64.rpm	cde9729204eb73b75e9c31b7ecb72098bfde72aa9494cb5b6878522faa33e38b

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.