[ALSA-2022:8067] Moderate: httpd security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2022-11-18
Description:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd (2.4.53). (BZ#2079939) Security Fix(es): * httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943) * httpd: mod_lua: Use of uninitialized value of in r:parsebody (CVE-2022-22719) * httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721) * httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377) * httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404) * httpd: mod_sed: DoS vulnerability (CVE-2022-30522) * httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813) * httpd: Out-of-bounds read via ap_rwrite() (CVE-2022-28614) * httpd: Out-of-bounds read in ap_strcmp_match() (CVE-2022-28615) * httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 mod_lua-2.4.53-7.el9.aarch64.rpm 53da9aefd916773ce1a056b52f56be5fd2aef670b6e484c0a981ee75e8024540
aarch64 httpd-2.4.53-7.el9.aarch64.rpm 6c790fac3894ef5777514f216713972ceab84d1506717c24a1ddacd841600fca
aarch64 httpd-tools-2.4.53-7.el9.aarch64.rpm 79662241200124dbda1a839311f935d6f659ea8a70369f0486000a6195ff5109
aarch64 httpd-core-2.4.53-7.el9.aarch64.rpm a78db736cdeb0db253cc2043caaa25dfe7680953bf866d3e4db78797cd9c1ae2
aarch64 mod_proxy_html-2.4.53-7.el9.aarch64.rpm a7a31a43fc75abf0afb16985b17f65f9cee28a35719dd60e688da2fe6bcf884f
aarch64 mod_ldap-2.4.53-7.el9.aarch64.rpm ab57c0913f40a44e34aef9e40aaf767077174423a5f53a8f2a606a6fbf1289f4
aarch64 httpd-devel-2.4.53-7.el9.aarch64.rpm c858611bfe80177092e5db963974f249a65417063dd0b5f888dd7218794b87f8
aarch64 mod_ssl-2.4.53-7.el9.aarch64.rpm fb69e631da0ff5af48b4a4dd52dfac30f198660227c1c88fc1a1ca075c1698d8
aarch64 mod_session-2.4.53-7.el9.aarch64.rpm ffba43f397543ce2aa87ec208f1e606540a302542f56dc0640ff398bc6f0f19d
noarch httpd-manual-2.4.53-7.el9.noarch.rpm 16046de23e78b6ad29d370f55f942cde4a132a036d4ddf55c0e9f1c975292dab
noarch httpd-filesystem-2.4.53-7.el9.noarch.rpm 61226547b629d1bfe902193c7322ef89e09039ac4017036efa0b678183f622e5
ppc64le mod_ldap-2.4.53-7.el9.ppc64le.rpm 0b459ea3ba74bf73d0acee6236d2f7ac395ca6ee46c0f47ab4926f609d29aa90
ppc64le httpd-2.4.53-7.el9.ppc64le.rpm 410027c5324d2d5dffe966a29e4037c937e11988049f72cc16b919a646121f41
ppc64le httpd-devel-2.4.53-7.el9.ppc64le.rpm 46e0f30ab597396b7cc8106ef284c1f197499bb01790c2f3ba695dca90a5911d
ppc64le mod_ssl-2.4.53-7.el9.ppc64le.rpm 5da5c855f765f794502680ea0b6b0b3905762478fb5befea5ff56c618879b383
ppc64le httpd-core-2.4.53-7.el9.ppc64le.rpm 5f337a566b2289b6d895a178e585dc9b8887d3b350c3d074a7f9f83c351ba21b
ppc64le mod_proxy_html-2.4.53-7.el9.ppc64le.rpm 86cb5d65a89d9f96acb098aa8a4f7d556ab8f508f4ec107e69a3aa0669d92f2d
ppc64le mod_session-2.4.53-7.el9.ppc64le.rpm 8a8de01b4fed8e3de6a4f787d126367d5157fe04105668d0e0ea9c87fbd83f78
ppc64le mod_lua-2.4.53-7.el9.ppc64le.rpm a396db3dadf6a5d4b9c67f332541e601379df4766e60aea7bb5a4674d90ae605
ppc64le httpd-tools-2.4.53-7.el9.ppc64le.rpm ffb4c49b0ed60811771cde3c7b56cc557d77ba99284f1e092b531b0dd35fe8a2
s390x httpd-tools-2.4.53-7.el9.s390x.rpm 1873c68a0551ba831c633ccfaa68c34046179c3c3558be8ddb0bfd07ad8259e3
s390x httpd-core-2.4.53-7.el9.s390x.rpm 26c80698e3cab8f510d3c92703250fa943b1549fda27fb42f0ae55cfc4815def
s390x mod_ldap-2.4.53-7.el9.s390x.rpm b467167b6297ef8dde672502aa82f945f4bdc6ed90ccf64d5e73a8a30e57c3bc
s390x mod_ssl-2.4.53-7.el9.s390x.rpm b8893c75d551d99d484d1f257ff7a8875eb9ece7d1ae863939c0f2faba2cf481
s390x httpd-2.4.53-7.el9.s390x.rpm beb9906ee671b161245bb92e2da407059d251208508f3892e4685472a461e0d5
s390x mod_lua-2.4.53-7.el9.s390x.rpm c43ee3837334a6f022ef20c2a5efb278f834a55e418521aba0c1077a048d8737
s390x mod_proxy_html-2.4.53-7.el9.s390x.rpm db84727bd44a2b1633a1fee96eb0f1f633c53a8e2ce77bb8f2c05974552e560f
s390x mod_session-2.4.53-7.el9.s390x.rpm f4ea8af478f90f584274138771719722c6c45bfc86355718631759d0576306f5
s390x httpd-devel-2.4.53-7.el9.s390x.rpm f8c44f00ad285a505c40b9e5cf53c459ff69848725ab203989b22b3537c5d696
x86_64 mod_ldap-2.4.53-7.el9.x86_64.rpm 1d768470ee0b684bb371c48e4a08cb57a2cad6e18e15e8311f3b008d6b5a731b
x86_64 mod_lua-2.4.53-7.el9.x86_64.rpm 379a0956cc0fe1c5194d693f3095cf3fd9fd979fe24aea4a7acd1a0e205b1402
x86_64 mod_proxy_html-2.4.53-7.el9.x86_64.rpm 4572ce2f68cca9fee4aae10651afe66125bd82452642baa23cbda443e4125dce
x86_64 httpd-tools-2.4.53-7.el9.x86_64.rpm 5229ff1b43c85d85bd12caae9194ba82f648f6e0eb904d42e8b4c4bfe3a51c84
x86_64 mod_session-2.4.53-7.el9.x86_64.rpm 7f858131c90dffffba64ebe7e95ae8f9133aafb6b240b64d9c6b40d481cf5b0e
x86_64 httpd-core-2.4.53-7.el9.x86_64.rpm 8bd3309014597b425084becc759adc2e6a8e4d8dab2fa30ef206e53d6259b402
x86_64 httpd-2.4.53-7.el9.x86_64.rpm b0e9c1537e81bb660d9d09acf75c251728e3df00a34bb22e76a3ba5c11ae47eb
x86_64 mod_ssl-2.4.53-7.el9.x86_64.rpm d51c579050899c43db707a4d58ca7e2237d6346e1d85850ca4a5c6b2dc2dbe88
x86_64 httpd-devel-2.4.53-7.el9.x86_64.rpm e860bea409f970bff70a176a02720e4167ef6b2f2c61f870f04deaa24006f0f8
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.