ALSA-2023:0970

[ALSA-2023:0970] Moderate: httpd security and bug fix update

Type:

security

Severity:

moderate

Release date:

2023-02-28

Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)
* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)
* httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* httpd-init fails to create localhost.crt, localhost.key due to "sscg" default now creates a /dhparams.pem and is not idempotent if the file /dhparams.pem already exists. (BZ#2165975)

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	httpd-tools-2.4.53-7.el9_1.1.aarch64.rpm	1228860b09183860c838ef4c0907e112d09d65cbed850f86f5335148aea2fb1c
aarch64	httpd-devel-2.4.53-7.el9_1.1.aarch64.rpm	1badc9394dd76da00db7540a677e41c77ea626757abf5736b79a49447d77d4df
aarch64	httpd-core-2.4.53-7.el9_1.1.aarch64.rpm	39deb25e29efd800bc1e613cf77d2656217c6e7a706e54a140b479d874eed032
aarch64	httpd-2.4.53-7.el9_1.1.aarch64.rpm	4943dbf2e9da5ecc9b0bbafe578539345315eb8cdf69b099053e9fa310df7b76
aarch64	mod_session-2.4.53-7.el9_1.1.aarch64.rpm	7dd5426b17a3bd90e5b96656ac08d360ecbddf69a3be7ee9e2a255a4183add0f
aarch64	mod_ldap-2.4.53-7.el9_1.1.aarch64.rpm	8c224b517a0de9559108111bad96a32910ff23966ca684a8123366ef9b9228d3
aarch64	mod_ssl-2.4.53-7.el9_1.1.aarch64.rpm	9173f583d574218d587d078c906e2ac9108ba706fbf0bcbda038fb5a4aa9ead8
aarch64	mod_lua-2.4.53-7.el9_1.1.aarch64.rpm	936d81d401581fa9636ee9147acd19cea232fbd4bb135b3821433597e45c09e8
aarch64	mod_proxy_html-2.4.53-7.el9_1.1.aarch64.rpm	d5fbe20de088e7472f73847626fea96b79025c62e7de575f6c574d16a78c85a5
noarch	httpd-filesystem-2.4.53-7.el9_1.1.noarch.rpm	3352de6afe7653c880424816ba8d8d8cf5ec226f325f6f2548eb0a54e55eaf6f
noarch	httpd-manual-2.4.53-7.el9_1.1.noarch.rpm	a7a5ffeedf4e3b3a6908d659b4d9982d805f81d111ed27cef9f254c7f6896830
ppc64le	mod_proxy_html-2.4.53-7.el9_1.1.ppc64le.rpm	0df9a43251efe4e43631e42cb7be827e037f042ca1b24a878944c441a258cbec
ppc64le	mod_ssl-2.4.53-7.el9_1.1.ppc64le.rpm	171b6742e437a7d3c83f51cc16460a88eee2d2e7fbcab6fd222df41e27c7de78
ppc64le	mod_lua-2.4.53-7.el9_1.1.ppc64le.rpm	1cb033dd7de673b8bf0406ee6a47026aa15f69a6c4de1527aa9c0bc022d6a252
ppc64le	httpd-tools-2.4.53-7.el9_1.1.ppc64le.rpm	2bad2f79fd5d942f16df7ab388b51f2e56e6a51f1434d4511985b3509c5d9f12
ppc64le	httpd-2.4.53-7.el9_1.1.ppc64le.rpm	41839082c2ccb2cebb5697389d7d56dd8279e84619c330cbf409e9052d716851
ppc64le	mod_session-2.4.53-7.el9_1.1.ppc64le.rpm	4ac84a377e64c9abe2a72d0705da97bafc49e01918f0b555dcabb3ecafdd5b06
ppc64le	httpd-devel-2.4.53-7.el9_1.1.ppc64le.rpm	e436949cbdbed05a713522c005323d74ede49eb8fb80e52ec273056b47e7092c
ppc64le	httpd-core-2.4.53-7.el9_1.1.ppc64le.rpm	f29895cbd7e31c26b626e36b1889797e90dc71e9c7fd0a1e40f1f6eca58c6b5b
ppc64le	mod_ldap-2.4.53-7.el9_1.1.ppc64le.rpm	f4c5cb631cb8980e3cde0f3b589e45ea5342371dd8f9431ceb0427192b0decdf
s390x	mod_session-2.4.53-7.el9_1.1.s390x.rpm	21526c482f82ecacb246cd1cd00f89dbe74be7d5d0d342af7f21936cafe5d0bd
s390x	mod_lua-2.4.53-7.el9_1.1.s390x.rpm	23cfc2b13779347a6b977fdd0b80d5ae451d499c4a7ee5e5ae3c463d4f5f1634
s390x	httpd-devel-2.4.53-7.el9_1.1.s390x.rpm	6f15b710780729d5c5cc53b637c9d72386941778a863b2d38e41ddaefbe76a68
s390x	httpd-2.4.53-7.el9_1.1.s390x.rpm	8d2ecea64b7e5521ca2009a2be1712831c9bfdb00be93753db57290949526b2b
s390x	mod_ssl-2.4.53-7.el9_1.1.s390x.rpm	acb75efc590ee42717d52908e3c12b0a8072edfa1f23aa03649ccc536dd44ab9
s390x	mod_proxy_html-2.4.53-7.el9_1.1.s390x.rpm	b8ed59fab4f01a314a96ca553151d01c7724743ac8818159c6d05754c9702f1f
s390x	httpd-core-2.4.53-7.el9_1.1.s390x.rpm	c542bdea990edd3abc64a0fb1554bde617e6ac45570668bb93d3095bf2dfca77
s390x	mod_ldap-2.4.53-7.el9_1.1.s390x.rpm	cb5e30cd95e8a2b9670de172db6fc7769ed096bbd047430b31ead9eda8d3cdc4
s390x	httpd-tools-2.4.53-7.el9_1.1.s390x.rpm	fa2ec05f9345ad0187e89f311efa3dbb7e8c61de3b2677043c184f96b0e738d4
x86_64	mod_session-2.4.53-7.el9_1.1.x86_64.rpm	22bf95d60cc96eb59de72e144964937e4aec104af5c4c42a66821e79b8b46246
x86_64	mod_proxy_html-2.4.53-7.el9_1.1.x86_64.rpm	2fb4c68639f5e6051b32a15bf899778ce17c9aa5760a958573ee02fb42bd5a0c
x86_64	mod_ldap-2.4.53-7.el9_1.1.x86_64.rpm	682f77c6e507b5ab062f0052e9410a0520b8d19c3867b67d87e1a7ba921d301f
x86_64	httpd-core-2.4.53-7.el9_1.1.x86_64.rpm	7757170502b18dd7ff3682c89d77dd70eabb890b3da141442504bb111be8fac7
x86_64	mod_lua-2.4.53-7.el9_1.1.x86_64.rpm	86d103d57b1811c92aa611ad8e643df3721904735154bb225024a1fcbdb538a9
x86_64	httpd-tools-2.4.53-7.el9_1.1.x86_64.rpm	aa031bcbacc26fa201ca0402a45c05c937789434603c1f08c06744ab6c7cbf85
x86_64	httpd-2.4.53-7.el9_1.1.x86_64.rpm	b76b58579c1833e6f6ece3a5730a8074376948f67b34eea7cadd0b54f9068a9e
x86_64	httpd-devel-2.4.53-7.el9_1.1.x86_64.rpm	c6351bce87128f7adb7fe65e82e64f8f4e9a976d89517f2fc01bb8a4b621e68a
x86_64	mod_ssl-2.4.53-7.el9_1.1.x86_64.rpm	c79a8873b886d98d5caaf8a6b1e0f852a7cecc6e84ed501d58f5ecc00cb8c0a1

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.