-
Tue Sep 24 2019 EL Errata <el-errata_ww@oracle.com> - 2.4.37-12.0.1
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html
-
Thu Aug 29 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-12
- Resolves: #1744997 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount
of data request leads to denial of service
- Resolves: #1745084 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length
headers leads to denial of service
- Resolves: #1745152 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request
for large response leads to denial of service
-
Wed Apr 03 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-11
- Resolves: #1695431 - CVE-2019-0211 httpd: privilege escalation
from modules scripts
- Resolves: #1696090 - CVE-2019-0215 httpd:2.4/httpd: mod_ssl: access control
bypass when using per-location client certification authentication
-
Wed Feb 06 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-10
- Resolves: #1672977 - state-dir corruption on reload
-
Tue Feb 05 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-9
- Resolves: #1670716 - Coredump when starting in FIPS mode
-
Fri Feb 01 2019 Joe Orton <jorton@redhat.com> - 2.4.37-8
- add security fix for CVE-2019-0190 (#1671282)
-
Tue Dec 11 2018 Joe Orton <jorton@redhat.com> - 2.4.37-7
- add DefaultStateDir/ap_state_dir_relative() (#1653009)
- mod_dav_fs: use state dir for default DAVLockDB
- mod_md: use state dir for default MDStoreDir
-
Mon Dec 10 2018 Joe Orton <jorton@redhat.com> - 2.4.37-6
- add httpd.conf(5) (#1611361)
-
Mon Nov 26 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-5
- Resolves: #1652966 - Missing RELEASE in http header
-
Fri Nov 23 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-4
- Resolves: #1641951 - No Documentation= line in htcacheclean.service files