| Name: | mod_md |
|---|
| Version: | 2.4.37 |
|---|
| Release: | 16.0.1.module+el8.1.0+5385+dcd9ff33 |
|---|
| Architecture: | x86_64 |
|---|
| Module: | httpd:2.4:8010020190829143335:9edba152
|
|---|
| Group: | System Environment/Daemons |
|---|
| Size: | 270727 |
|---|
| License: | ASL 2.0 |
|---|
| RPM: |
mod_md-2.4.37-16.0.1.module+el8.1.0+5385+dcd9ff33.x86_64.rpm
|
| Source RPM: |
httpd-2.4.37-16.0.1.module+el8.1.0+5385+dcd9ff33.src.rpm
|
| Build Date: | Sat Nov 09 2019 |
|---|
| Build Host: | jenkins-10-147-72-125-11590f9b-7638-47cb-8088-559344c0d855.appad1iad.osdevelopmeniad.oraclevcn.com |
|---|
| Vendor: | Oracle America |
|---|
| URL: | https://httpd.apache.org/ |
|---|
| Summary: | Certificate provisioning using ACME for the Apache HTTP Server |
|---|
| Description: | This module manages common properties of domains for one or more
virtual hosts. Specifically it can use the ACME protocol (RFC Draft)
to automate certificate provisioning. These will be configured for
managed domains and their virtual hosts automatically. This includes
renewal of certificates before they expire. |
|---|
-
Wed Nov 06 2019 Lukas Lemes <lukas.lemes@oracle.com> - 2.4.37-16.0.1
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html
-
Thu Aug 29 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-16
- Resolves: #1744999 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount
of data request leads to denial of service
- Resolves: #1745086 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length
headers leads to denial of service
- Resolves: #1745154 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request for
large response leads to denial of service
-
Tue Jul 16 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-15
- Resolves: #1730721 - absolute path used for default state and runtime dir by
default
-
Thu Jun 27 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-14
- Resolves: #1724549 - httpd response contains garbage in Content-Type header
- Resolves: #1696142 - CVE-2019-0217 httpd:2.4/httpd: mod_auth_digest: access
control bypass due to race condition
- Resolves: #1696097 - CVE-2019-0220 httpd:2.4/httpd: URL normalization
inconsistency
- Resolves: #1669221 - `ExtendedStatus Off` directive when using mod_systemd
causes systemctl to hang
- Resolves: #1673022 - httpd can not be started with mod_md enabled
-
Mon Apr 08 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-11
- Resolves: #1695432 - CVE-2019-0211 httpd: privilege escalation
from modules scripts
- Resolves: #1696091 - CVE-2019-0215 httpd:2.4/httpd: mod_ssl: access control
bypass when using per-location client certification authentication
-
Wed Feb 06 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-10
- Resolves: #1672977 - state-dir corruption on reload
-
Tue Feb 05 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-9
- Resolves: #1670716 - Coredump when starting in FIPS mode
-
Fri Feb 01 2019 Joe Orton <jorton@redhat.com> - 2.4.37-8
- add security fix for CVE-2019-0190 (#1671282)
-
Tue Dec 11 2018 Joe Orton <jorton@redhat.com> - 2.4.37-7
- add DefaultStateDir/ap_state_dir_relative() (#1653009)
- mod_dav_fs: use state dir for default DAVLockDB
- mod_md: use state dir for default MDStoreDir
-
Mon Dec 10 2018 Joe Orton <jorton@redhat.com> - 2.4.37-6
- add httpd.conf(5) (#1611361)