[ol8_appstream] httpd-tools-2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1.aarch64

The httpd-tools package contains tools which can be used with
the Apache HTTP Server.

Changelog (Show File list) (Show related packages)

• Tue Feb 21 2023 EL Errata <el-errata_ww@oracle.com> - 2.4.37-51.0.1.1

  - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
  - Replace index.html with Oracle's index page oracle_index.html

• Tue Jan 31 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-51.1

  - Resolves: #2165967 - prevent sscg creating /dhparams.pem
  - Resolves: #2165976 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
    of zero byte
  - Resolves: #2165977 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
  - Resolves: #2165978 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
    smuggling

• Mon Jul 25 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-51

  - Resolves: #2097015 - CVE-2022-28614 httpd:2.4/httpd: out-of-bounds read via
    ap_rwrite()
  - Resolves: #2097031 - CVE-2022-28615 httpd:2.4/httpd: out-of-bounds read in
    ap_strcmp_match()
  - Resolves: #2097458 - CVE-2022-30522 httpd:2.4/httpd: mod_sed: DoS
    vulnerability
  - Resolves: #2097480 - CVE-2022-30556 httpd:2.4/httpd: mod_lua: Information
    disclosure with websockets
  - Resolves: #2098247 - CVE-2022-31813 httpd:2.4/httpd: mod_proxy:
    X-Forwarded-For dropped by hop-by-hop mechanism
  - Resolves: #2097451 - CVE-2022-29404 httpd:2.4/httpd: mod_lua: DoS in
    r:parsebody
  - Resolves: #2096997 - CVE-2022-26377 httpd:2.4/httpd: mod_proxy_ajp: Possible
    request smuggling

• Tue Jun 21 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-50

  - Resolves: #2065237 - CVE-2022-22719 httpd:2.4/httpd: mod_lua: Use of
    uninitialized value of in r:parsebody
  - Resolves: #2065267 - CVE-2022-22721 httpd:2.4/httpd: core: Possible buffer
    overflow with very large or unlimited LimitXMLRequestBody
  - Resolves: #2065324 - CVE-2022-23943 httpd:2.4/httpd: mod_sed: Read/write
    beyond bounds

• Fri Jun 10 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-49

  - Resolves: #2090848 - CVE-2020-13950 httpd:2.4/httpd: mod_proxy NULL pointer
    dereference

• Mon Mar 21 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-48

  - Resolves: #2065249 - CVE-2022-22720 httpd:2.4/httpd: HTTP request smuggling
    vulnerability in Apache HTTP Server 2.4.52 and earlier

• Thu Jan 20 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-47

  - Resolves: #2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference
    or SSRF in forward proxy configurations

• Mon Jan 10 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-46

  - Resolves: #2035063 - CVE-2021-44790 httpd:2.4/httpd: mod_lua: possible buffer
    overflow when parsing multipart content

• Thu Jan 06 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-45

  - Resolves: #2007199 - CVE-2021-36160 httpd:2.4/httpd: mod_proxy_uwsgi:
    out-of-bounds read via a crafted request uri-path
  - Resolves: #1972491 - CVE-2021-33193 httpd:2.4/mod_http2: Request splitting via
    HTTP/2 method injection and mod_proxy

• Mon Nov 29 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-44

  - Resolves: #1968278 - CVE-2020-35452 httpd:2.4/httpd: Single zero byte stack
    overflow in mod_auth_digest
  - Resolves: #2001046 - Apache httpd OOME with mod_dav in RHEL 8
  - Resolves: #2005128 (CVE-2021-34798) - CVE-2021-34798 httpd: NULL pointer
    dereference via malformed requests
  - Resolves: #1984828 - mod_proxy_hcheck piles up health checks leading to high
    memory consumption
  - Resolves: #2005119 - CVE-2021-39275 httpd: out-of-bounds write in
    ap_escape_quotes() via malicious input