-
Thu Sep 29 2022 Darren Archibald <darren.archibald@oracle.com> - 2.4.34-23.0.3.5
- Patch mod_proxy_hcheck: don't pile up health checks. (PR 63010) [Orabug: 33213072]
- replace index.html with Oracle's index page oracle_index.html
- update vstring in specfile
-
Tue Sep 20 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.34-23.5
- Related: #2035029 - CVE-2021-44224 httpd24-httpd: httpd: possible NULL
dereference or SSRF in forward proxy configurations
-
Thu Sep 15 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.34-23.4
- Resolves: #2022319 - proxy rewrite to unix socket fails fix
-
Wed Sep 07 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.34-23.3
- Resolves: #1996513 - CVE-2021-33193 httpd24-httpd: httpd: Request splitting
via HTTP/2 method injection and mod_proxy
- Resolves: #2007192 - CVE-2021-34798 httpd24-httpd: httpd: NULL pointer
dereference via malformed requests
- Resolves: #2007196 - CVE-2021-39275 httpd24-httpd: httpd: out-of-bounds
write in ap_escape_quotes() via malicious input
- Resolves: #2007200 - CVE-2021-36160 httpd24-httpd: httpd: mod_proxy_uwsgi:
out-of-bounds read via a crafted request uri-path
- Resolves: #2035029 - CVE-2021-44224 httpd24-httpd: httpd: possible NULL
dereference or SSRF in forward proxy configurations
- Resolves: #2065236 - CVE-2022-22719 httpd24-httpd: httpd: mod_lua: Use of
uninitialized value of in r:parsebody
- Resolves: #2066263 - CVE-2022-23943 httpd24-httpd: httpd: mod_sed: Read/write
beyond bounds
- Resolves: #2066794 - CVE-2022-22721 httpd24-httpd: httpd: core: Possible
buffer overflow with very large or unlimited LimitXMLRequestBody
- Resolves: #2096999 - CVE-2022-26377 httpd24-httpd: httpd: mod_proxy_ajp:
Possible request smuggling
- Resolves: #2097017 - CVE-2022-28614 httpd24-httpd: httpd: out-of-bounds read
via ap_rwrite()
- Resolves: #2097033 - CVE-2022-28615 httpd24-httpd: httpd: out-of-bounds read
in ap_strcmp_match()
- Resolves: #2097453 - CVE-2022-29404 httpd24-httpd: httpd: mod_lua: DoS in
r:parsebody
- Resolves: #2097460 - CVE-2022-30522 httpd24-httpd: httpd: mod_sed: DoS
vulnerability
- Resolves: #2097482 - CVE-2022-30556 httpd24-httpd: httpd: mod_lua: Information
disclosure with websockets
- Resolves: #2098249 - CVE-2022-31813 httpd24-httpd: httpd: mod_proxy:
X-Forwarded-For dropped by hop-by-hop mechanism
-
Wed Mar 23 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.34-23.2
- Resolves: #2065438 - CVE-2022-22720 httpd24-httpd: httpd: HTTP request
smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier
-
Mon Jan 10 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.34-23.1
- Resolves: #2035056 - CVE-2021-44790 httpd24-httpd: httpd: mod_lua: possible
buffer overflow when parsing multipart content
-
Thu Sep 30 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.34-23
- Resolves: #2007238 - CVE-2021-40438 httpd24-httpd: httpd: mod_proxy: SSRF via
a crafted request uri-path
-
Mon Sep 21 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.34-22
- Resolves: #1869076 - CVE-2020-11984 httpd24-httpd: httpd: mod_proxy_uwsgi
buffer overflow
- Resolves: #1607737 - TCP healthchecks failing falsely / not actually checking
- Resolves: #1869078 - CVE-2020-11993 httpd24-httpd: httpd: mod_http2 concurrent
pool usage
-
Wed Sep 02 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.34-21
- Resolves: #1637891 - RHSCL httpd : mod_proxy should allow to specify
Proxy-Authorization in ProxyRemote directive
-
Mon Aug 31 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.34-20
- Resolves: #1869069 - CVE-2020-9490 httpd24-httpd: httpd: Push diary crash
on specifically crafted HTTP/2 header