[ol8_appstream] mod_ssl-1:2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2.aarch64

Name:	mod_ssl
Epoch:	1
Version:	2.4.37
Release:	47.0.2.module+el8.6.0+20724+119b489d.2
Architecture:	aarch64
Module:	httpd:2.4:8060020220615120645:ad008a3a
Group:	System Environment/Daemons
Size:	280582
License:	ASL 2.0
RPM:	mod_ssl-2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2.aarch64.rpm
Source RPM:	httpd-2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2.src.rpm
Build Date:	Fri Aug 05 2022
Build Host:	build-ol8-aarch64.oracle.com
Vendor:	Oracle America
URL:	https://httpd.apache.org/
Summary:	SSL/TLS module for the Apache HTTP Server
Description:	The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.

Changelog (Show File list) (Show related packages)

Mon Aug 01 2022 Kaylin Devchand <kaylin.devchand@oracle.com> - 2.4.37-47.0.2.2

- mod_proxy: ap_proxy_http_request() to clear hop-by-hop first and
  fixup last [CVE-2022-31813][Orabug: 34381946]

Wed Jun 22 2022 EL Errata <el-errata_ww@oracle.com> - 2.4.37-47.0.1.2

- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

Wed Jun 15 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-47.2

- Resolves: #2097247 - CVE-2020-13950 httpd:2.4/httpd: mod_proxy NULL pointer
  dereference

Mon Mar 21 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-47.1

- Resolves: #2065248 - CVE-2022-22720 httpd:2.4/httpd: HTTP request smuggling
  vulnerability in Apache HTTP Server 2.4.52 and earlier

Thu Jan 20 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-47

- Resolves: #2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference
  or SSRF in forward proxy configurations

Mon Jan 10 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-46

- Resolves: #2035063 - CVE-2021-44790 httpd:2.4/httpd: mod_lua: possible buffer
  overflow when parsing multipart content

Thu Jan 06 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-45

- Resolves: #2007199 - CVE-2021-36160 httpd:2.4/httpd: mod_proxy_uwsgi:
  out-of-bounds read via a crafted request uri-path
- Resolves: #1972491 - CVE-2021-33193 httpd:2.4/mod_http2: Request splitting via
  HTTP/2 method injection and mod_proxy

Mon Nov 29 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-44

- Resolves: #1968278 - CVE-2020-35452 httpd:2.4/httpd: Single zero byte stack
  overflow in mod_auth_digest
- Resolves: #2001046 - Apache httpd OOME with mod_dav in RHEL 8
- Resolves: #2005128 (CVE-2021-34798) - CVE-2021-34798 httpd: NULL pointer
  dereference via malformed requests
- Resolves: #1984828 - mod_proxy_hcheck piles up health checks leading to high
  memory consumption
- Resolves: #2005119 - CVE-2021-39275 httpd: out-of-bounds write in
  ap_escape_quotes() via malicious input

Tue Oct 26 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-43

- Related: #2007236 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via
  a crafted request uri-path

Thu Sep 30 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-42

- Resolves: #2007236 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via
  a crafted request uri-path
- Resolves: #1969229 - CVE-2021-26691 httpd:2.4/httpd: Heap overflow in
  mod_session