-
Tue Feb 21 2023 EL Errata <el-errata_ww@oracle.com> - 2.4.37-51.0.1.1
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html
-
Tue Jan 31 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-51.1
- Resolves: #2165967 - prevent sscg creating /dhparams.pem
- Resolves: #2165976 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte
- Resolves: #2165977 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2165978 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling
-
Mon Jul 25 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-51
- Resolves: #2097015 - CVE-2022-28614 httpd:2.4/httpd: out-of-bounds read via ap_rwrite()
- Resolves: #2097031 - CVE-2022-28615 httpd:2.4/httpd: out-of-bounds read in ap_strcmp_match()
- Resolves: #2097458 - CVE-2022-30522 httpd:2.4/httpd: mod_sed: DoS vulnerability
- Resolves: #2097480 - CVE-2022-30556 httpd:2.4/httpd: mod_lua: Information disclosure with websockets
- Resolves: #2098247 - CVE-2022-31813 httpd:2.4/httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
- Resolves: #2097451 - CVE-2022-29404 httpd:2.4/httpd: mod_lua: DoS in r:parsebody
- Resolves: #2096997 - CVE-2022-26377 httpd:2.4/httpd: mod_proxy_ajp: Possible request smuggling
-
Tue Jun 21 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-50
- Resolves: #2065237 - CVE-2022-22719 httpd:2.4/httpd: mod_lua: Use of uninitialized value of in r:parsebody
- Resolves: #2065267 - CVE-2022-22721 httpd:2.4/httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
- Resolves: #2065324 - CVE-2022-23943 httpd:2.4/httpd: mod_sed: Read/write beyond bounds
-
Fri Jun 10 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-49
- Resolves: #2090848 - CVE-2020-13950 httpd:2.4/httpd: mod_proxy NULL pointer dereference
-
Mon Mar 21 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-48
- Resolves: #2065249 - CVE-2022-22720 httpd:2.4/httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier
-
Thu Jan 20 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-47
- Resolves: #2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference or SSRF in forward proxy configurations
-
Mon Jan 10 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-46
- Resolves: #2035063 - CVE-2021-44790 httpd:2.4/httpd: mod_lua: possible buffer overflow when parsing multipart content
-
Thu Jan 06 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-45
- Resolves: #2007199 - CVE-2021-36160 httpd:2.4/httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path
- Resolves: #1972491 - CVE-2021-33193 httpd:2.4/mod_http2: Request splitting via HTTP/2 method injection and mod_proxy
-
Mon Nov 29 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-44
- Resolves: #1968278 - CVE-2020-35452 httpd:2.4/httpd: Single zero byte stack overflow in mod_auth_digest
- Resolves: #2001046 - Apache httpd OOME with mod_dav in RHEL 8
- Resolves: #2005128 (CVE-2021-34798) - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests
- Resolves: #1984828 - mod_proxy_hcheck piles up health checks leading to high memory consumption
- Resolves: #2005119 - CVE-2021-39275 httpd: out-of-bounds write in ap_escape_quotes() via malicious input