[ol8_appstream] httpd-2.4.37-16.0.1.module+el8.1.0+5385+dcd9ff33.aarch64

Name:	httpd
Version:	2.4.37
Release:	16.0.1.module+el8.1.0+5385+dcd9ff33
Architecture:	aarch64
Module:	httpd:2.4:8010020190829143335:9edba152
Group:	System Environment/Daemons
Size:	9735585
License:	ASL 2.0
RPM:	httpd-2.4.37-16.0.1.module+el8.1.0+5385+dcd9ff33.aarch64.rpm
Source RPM:	httpd-2.4.37-16.0.1.module+el8.1.0+5385+dcd9ff33.src.rpm
Build Date:	Sat Nov 09 2019
Build Host:	ca-arm-builder-01.us.oracle.com
Vendor:	Oracle America
URL:	https://httpd.apache.org/
Summary:	Apache HTTP Server
Description:	The Apache HTTP Server is a powerful, efficient, and extensible web server.

Changelog (Show File list) (Show related packages)

Wed Nov 06 2019 Lukas Lemes <lukas.lemes@oracle.com> - 2.4.37-16.0.1

- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

Thu Aug 29 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-16

- Resolves: #1744999 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount
  of data request leads to denial of service
- Resolves: #1745086 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length
  headers leads to denial of service
- Resolves: #1745154 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request for
  large response leads to denial of service

Tue Jul 16 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-15

- Resolves: #1730721 - absolute path used for default state and runtime dir by
  default

Thu Jun 27 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-14

- Resolves: #1724549 - httpd response contains garbage in Content-Type header
- Resolves: #1696142 - CVE-2019-0217 httpd:2.4/httpd: mod_auth_digest: access
  control bypass due to race condition
- Resolves: #1696097 - CVE-2019-0220 httpd:2.4/httpd: URL normalization
  inconsistency
- Resolves: #1669221 - `ExtendedStatus Off` directive when using mod_systemd
  causes systemctl to hang
- Resolves: #1673022 - httpd can not be started with mod_md enabled

Mon Apr 08 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-11

- Resolves: #1695432 - CVE-2019-0211 httpd: privilege escalation
  from modules scripts
- Resolves: #1696091 - CVE-2019-0215 httpd:2.4/httpd: mod_ssl: access control 
  bypass when using per-location client certification authentication

Wed Feb 06 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-10
```
- Resolves: #1672977 - state-dir corruption on reload
```
Tue Feb 05 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-9
```
- Resolves: #1670716 - Coredump when starting in FIPS mode
```
Fri Feb 01 2019 Joe Orton <jorton@redhat.com> - 2.4.37-8
```
- add security fix for CVE-2019-0190 (#1671282)
```

Tue Dec 11 2018 Joe Orton <jorton@redhat.com> - 2.4.37-7

- add DefaultStateDir/ap_state_dir_relative() (#1653009)
- mod_dav_fs: use state dir for default DAVLockDB
- mod_md: use state dir for default MDStoreDir

Mon Dec 10 2018 Joe Orton <jorton@redhat.com> - 2.4.37-6
```
- add httpd.conf(5) (#1611361)
```