[ol8_appstream] httpd-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.aarch64

Name:	httpd
Version:	2.4.37
Release:	43.0.1.module+el8.5.0+20475+4f6a8fd5.1
Architecture:	aarch64
Module:	httpd:2.4:8050020220111011611:c5368500
Group:	System Environment/Daemons
Size:	9289286
License:	ASL 2.0
RPM:	httpd-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.aarch64.rpm
Source RPM:	httpd-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.src.rpm
Build Date:	Tue Jan 25 2022
Build Host:	build-ol8-aarch64.oracle.com
Vendor:	Oracle America
URL:	https://httpd.apache.org/
Summary:	Apache HTTP Server
Description:	The Apache HTTP Server is a powerful, efficient, and extensible web server.

Changelog (Show File list) (Show related packages)

Tue Jan 25 2022 EL Errata <el-errata_ww@oracle.com> - 2.4.37-43.1.0.1

- scoreboard: fix null pointer deference [Orabug: 33690670][CVE-2021-34798]
- fix ap_escape_quote logic [Orabug: 33690686][CVE-2021-39275]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html.

Mon Jan 10 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-43.1

- Resolves: #2035062 - CVE-2021-44790 httpd:2.4/httpd: mod_lua: possible buffer
  overflow when parsing multipart content

Tue Oct 26 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-43

- Related: #2007235 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via
  a crafted request uri-path

Thu Sep 30 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-42

- Resolves: #2007235 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via
  a crafted request uri-path
- Resolves: #2014063 - CVE-2021-26691 httpd:2.4/httpd: Heap overflow in
  mod_session

Fri Jul 09 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-41

- Resolves: #1680111 - httpd sends reply to HTTPS GET using two TLS records
- Resolves: #1905613 - mod_ssl does not like valid certificate chain
- Resolves: #1935742 - [RFE] backport samesite/httponly/secure flags for
  usertrack
- Resolves: #1972500 - CVE-2021-30641 httpd:2.4/httpd: MergeSlashes regression
- Resolves: #1968307 - CVE-2021-26690 httpd:2.4/httpd: mod_session NULL pointer
  dereference in parser
- Resolves: #1934741 - Apache trademark update - new logo

Fri May 14 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-40

- Resolves: #1952557 - mod_proxy_wstunnel.html is a malformed XML
- Resolves: #1937334 - SSLProtocol with based virtual hosts

Tue Jan 26 2021 Artem Egorenkov <aegorenk@redhat.com> - 2.4.37-39

- prevent htcacheclean from while break when first file processed

Tue Jan 26 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-38

- Resolves: #1918741 - Thousands of /tmp/modproxy.tmp.* files created by apache

Wed Dec 09 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-37

- Resolves: #1883648 - [RFE] Update httpd directive SSLProxyMachineCertificateFile
  to be able to handle certs without matching private key

Mon Nov 30 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-36

- Resolves: #1896176 - [RFE] ProxyWebsocketIdleTimeout from httpd
  mod_proxy_wstunnel
- Resolves: #1847585 - mod_ldap: High CPU usage at apr_ldap_rebind_remove()