ALSA-2023:1670

[ALSA-2023:1670] Important: httpd and mod_http2 security update

Type:

security

Severity:

important

Release date:

2023-04-20

Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	mod_ldap-2.4.53-7.el9_1.5.aarch64.rpm	21babfc5070c63dcfbd9cce67b328d810c5e4bcba330e1e0cfd0681c19a3c9ba
aarch64	mod_ssl-2.4.53-7.el9_1.5.aarch64.rpm	3a59ea727ac2852aa642de90470d7679aac1a95746c0395808ee65934fbd9c16
aarch64	mod_http2-1.15.19-3.el9_1.5.aarch64.rpm	43f93f405a5119baec534c42d253e7d868d12214fee8bb56c914452775e7c101
aarch64	httpd-core-2.4.53-7.el9_1.5.aarch64.rpm	66cf9e1a3cf100ff22cac8e3af2e1094ce449785903cbc964150bc7a22dd4767
aarch64	mod_proxy_html-2.4.53-7.el9_1.5.aarch64.rpm	6c55afa3f8141dd66fc73133cf629cc34ab72ac5adcaaa43bf23b46bbc88d56f
aarch64	httpd-2.4.53-7.el9_1.5.aarch64.rpm	b11231e6fc896e080cd17153c45b9f4b1c0fdf184d2652e4f6e7781a507b1b34
aarch64	mod_lua-2.4.53-7.el9_1.5.aarch64.rpm	c3cb64e7979a5c38cd689d28269d4c261274fd2323d1ca0e2eaa472f53302c6d
aarch64	httpd-tools-2.4.53-7.el9_1.5.aarch64.rpm	e34290da8be6103be214bdcb9e0ec9507f78119b1fd5b0ab9297bf80e93d9c2d
aarch64	mod_session-2.4.53-7.el9_1.5.aarch64.rpm	f69ad4a08d840980f3265af3f02808a7c0cfb9498d1b3c885b8722df99b14fb5
aarch64	httpd-devel-2.4.53-7.el9_1.5.aarch64.rpm	f8aaf70cc4efc702d68770474193849a4aa077234040df9d96a07b026582f54f
noarch	httpd-filesystem-2.4.53-7.el9_1.5.noarch.rpm	0e18fe73ce1d645cee0c29947658d8d7cf764cd0d5dff4a9d29e549dea3ccd98
noarch	httpd-manual-2.4.53-7.el9_1.5.noarch.rpm	2f9fcaf5d345420c53a8c3125d3f20a94e594d2c4fc208c8f71a194624f859bc
ppc64le	httpd-devel-2.4.53-7.el9_1.5.ppc64le.rpm	1ae75d1d0e89aea2792912ea6bb33998061bd2b537764bf580d39a696430c435
ppc64le	mod_http2-1.15.19-3.el9_1.5.ppc64le.rpm	2a0eedc6f769aae1081ccc5e8fee716bf3a6928b71418b92449c791f9df0c79d
ppc64le	httpd-core-2.4.53-7.el9_1.5.ppc64le.rpm	6c4ad572b91448b86ca8a9d88d5582c5581abac6e6cd82f01a623e8af5678047
ppc64le	mod_proxy_html-2.4.53-7.el9_1.5.ppc64le.rpm	722353fe2ca4099a1c79b4d1aa87ec4f532b8d3c8eabe9feed7cb54770556239
ppc64le	mod_ssl-2.4.53-7.el9_1.5.ppc64le.rpm	7facf262fd40ab90cfcb44b3e6d2b10e9b0227fd9cd6525602cefad9c028870c
ppc64le	httpd-tools-2.4.53-7.el9_1.5.ppc64le.rpm	839f632c8b1fa66377ad024365609b7e65264d4853ea87bfcc681000e53e665b
ppc64le	mod_session-2.4.53-7.el9_1.5.ppc64le.rpm	a34fac75728034262233622d666fba81d76521eb1314f9aa3d9341fe0281afdb
ppc64le	mod_ldap-2.4.53-7.el9_1.5.ppc64le.rpm	ab793621be2b36815d061f1ec07f77f6fa6c97956427180965c74e7f468005dd
ppc64le	mod_lua-2.4.53-7.el9_1.5.ppc64le.rpm	d4e1971a96585895c5b8aced4a49e76c98b8ee759af99fc8a4d7b196a44f768c
ppc64le	httpd-2.4.53-7.el9_1.5.ppc64le.rpm	eb4c8ab3ca5bd649382541a62c7323e895e96c70cbf8b64611d68f89e4a6866d
s390x	mod_ssl-2.4.53-7.el9_1.5.s390x.rpm	02b939a75b7d21967af50fd4bc36adf0a2b5517354c1a649a04f8f355cd94e5f
s390x	mod_session-2.4.53-7.el9_1.5.s390x.rpm	220332d4c4fa6c62c175263b76a2aa975c2e8ddb40d9c14ba3c84881f45a8e50
s390x	mod_lua-2.4.53-7.el9_1.5.s390x.rpm	2779e10c1bdc38b48db688ff6f7d8600b4f8c2ae1aec00424e7d30ef4366995f
s390x	httpd-devel-2.4.53-7.el9_1.5.s390x.rpm	3c5851d233a48c72aa44bfb4f6506c20ed06e6924aa3a403a48ad745a80002a7
s390x	mod_ldap-2.4.53-7.el9_1.5.s390x.rpm	5637f79dfc0b43e37752361732a1ee3496617985054c0ae37240e591510a2ed2
s390x	httpd-tools-2.4.53-7.el9_1.5.s390x.rpm	5e683b2fd9e6b0fa8b3d1bc7ba71a2407c3d9745252bb03504cd7472f49bcb1a
s390x	httpd-core-2.4.53-7.el9_1.5.s390x.rpm	982b635a21c26a49073c4adef37373eda502e7681cb86c52c4936b0e556631a9
s390x	mod_http2-1.15.19-3.el9_1.5.s390x.rpm	a861746b9543a14aad72f8bdfa046c7dfcc5ec341d1367190afb748bd430e756
s390x	mod_proxy_html-2.4.53-7.el9_1.5.s390x.rpm	b1c26d45dae78827e22be5211a678382cc4886ca76ec1111b8125f7039f4f2a7
s390x	httpd-2.4.53-7.el9_1.5.s390x.rpm	f13f2dac237d4af313dbcbf65e8dd893e9eca56adc9ae89ba923befb0953d5a8
x86_64	mod_lua-2.4.53-7.el9_1.5.x86_64.rpm	0f7e465398e572351d39d96dbae85122b07ec0d920ce69441919cfb6db9faac5
x86_64	mod_session-2.4.53-7.el9_1.5.x86_64.rpm	3852f736ceebd307f3c533b41280e359b404560bfc57af7a553a3296c9f719b1
x86_64	httpd-core-2.4.53-7.el9_1.5.x86_64.rpm	4041a8207ad195b59981d75e583d4a61a13dea2938addd1b7254859c9962e686
x86_64	mod_ldap-2.4.53-7.el9_1.5.x86_64.rpm	8047e74d3d4a13b98bc859d26c60766de26f187b705030079319a4b68b1e2d5f
x86_64	mod_proxy_html-2.4.53-7.el9_1.5.x86_64.rpm	90b107262ed4781d1e6448f5da0bc288b3ed692adddf5f0ade96711528477989
x86_64	httpd-devel-2.4.53-7.el9_1.5.x86_64.rpm	97c79faffb576c089d9a32244a5d2d8e8508fb8845c127a937d6079be16c8c9a
x86_64	httpd-tools-2.4.53-7.el9_1.5.x86_64.rpm	be980464cda7f1ad3bca8b02accd5e5630e757811c192fe95e5f25bac3375b8a
x86_64	mod_ssl-2.4.53-7.el9_1.5.x86_64.rpm	cf19b444cc14d8c8673cac551ec77831f56670c0a9caea090a2b98365385a525
x86_64	mod_http2-1.15.19-3.el9_1.5.x86_64.rpm	f030d12481ca39f82ea265494d14eeb3f89a46c0e1f702a8c05a8044d1c2ea60
x86_64	httpd-2.4.53-7.el9_1.5.x86_64.rpm	fa78282b42695b1e1626f5a7eb08a6b1e057d2e897b8e90a54ac7922919355e1

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.