[ol8_appstream] mod_ldap-2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2.x86_64

Name:	mod_ldap
Version:	2.4.37
Release:	47.0.1.module+el8.6.0+20683+407db9f5.2
Architecture:	x86_64
Module:	httpd:2.4:8060020220615120644:ad008a3a
Group:	System Environment/Daemons
Size:	136237
License:	ASL 2.0
RPM:	mod_ldap-2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2.x86_64.rpm
Source RPM:	httpd-2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2.src.rpm
Build Date:	Wed Jun 22 2022
Build Host:	build-ol8-x86_64.oracle.com
Vendor:	Oracle America
URL:	https://httpd.apache.org/
Summary:	LDAP authentication modules for the Apache HTTP Server
Description:	The mod_ldap and mod_authnz_ldap modules add support for LDAP authentication to the Apache HTTP Server.

Changelog (Show File list) (Show related packages)

Wed Jun 22 2022 EL Errata <el-errata_ww@oracle.com> - 2.4.37-47.0.1.2

- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

Wed Jun 15 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-47.2

- Resolves: #2097247 - CVE-2020-13950 httpd:2.4/httpd: mod_proxy NULL pointer
  dereference

Mon Mar 21 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-47.1

- Resolves: #2065248 - CVE-2022-22720 httpd:2.4/httpd: HTTP request smuggling
  vulnerability in Apache HTTP Server 2.4.52 and earlier

Thu Jan 20 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-47

- Resolves: #2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference
  or SSRF in forward proxy configurations

Mon Jan 10 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-46

- Resolves: #2035063 - CVE-2021-44790 httpd:2.4/httpd: mod_lua: possible buffer
  overflow when parsing multipart content

Thu Jan 06 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-45

- Resolves: #2007199 - CVE-2021-36160 httpd:2.4/httpd: mod_proxy_uwsgi:
  out-of-bounds read via a crafted request uri-path
- Resolves: #1972491 - CVE-2021-33193 httpd:2.4/mod_http2: Request splitting via
  HTTP/2 method injection and mod_proxy

Mon Nov 29 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-44

- Resolves: #1968278 - CVE-2020-35452 httpd:2.4/httpd: Single zero byte stack
  overflow in mod_auth_digest
- Resolves: #2001046 - Apache httpd OOME with mod_dav in RHEL 8
- Resolves: #2005128 (CVE-2021-34798) - CVE-2021-34798 httpd: NULL pointer
  dereference via malformed requests
- Resolves: #1984828 - mod_proxy_hcheck piles up health checks leading to high
  memory consumption
- Resolves: #2005119 - CVE-2021-39275 httpd: out-of-bounds write in
  ap_escape_quotes() via malicious input

Tue Oct 26 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-43

- Related: #2007236 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via
  a crafted request uri-path

Thu Sep 30 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-42

- Resolves: #2007236 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via
  a crafted request uri-path
- Resolves: #1969229 - CVE-2021-26691 httpd:2.4/httpd: Heap overflow in
  mod_session

Fri Jul 09 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-41

- Resolves: #1680111 - httpd sends reply to HTTPS GET using two TLS records
- Resolves: #1905613 - mod_ssl does not like valid certificate chain
- Resolves: #1935742 - [RFE] backport samesite/httponly/secure flags for
  usertrack
- Resolves: #1972500 - CVE-2021-30641 httpd:2.4/httpd: MergeSlashes regression
- Resolves: #1968307 - CVE-2021-26690 httpd:2.4/httpd: mod_session NULL pointer
  dereference in parser
- Resolves: #1934741 - Apache trademark update - new logo