-
Tue May 16 2023 EL Errata <el-errata_ww@oracle.com> - 2.4.53-11.0.1
- Replace index.html with Oracle's index page oracle_index.html.
-
Fri Apr 28 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-11.5
- Resolves: #2190324 - mod_rewrite regression with CVE-2023-25690
-
Sat Mar 18 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-11.4
- Resolves: #2177752 - CVE-2023-25690 httpd: HTTP request splitting with
mod_rewrite and mod_proxy
-
Mon Jan 30 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-11
- Resolves: #2162500 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
of zero byte
- Resolves: #2162486 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2162510 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
smuggling
-
Tue Jan 24 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-10
- Resolves: #2160667 - prevent sscg creating /dhparams.pem
-
Thu Dec 08 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-9
- Resolves: #2143176 - Dependency from mod_http2 on httpd broken
-
Tue Dec 06 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-8
- Resolves: #2151313 - reduce AH03408 log level from WARNING to INFO
-
Wed Jul 20 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-7
- Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request
smuggling
- Resolves: #2097032 - CVE-2022-28615 httpd: out-of-bounds read in
ap_strcmp_match()
- Resolves: #2098248 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped
by hop-by-hop mechanism
- Resolves: #2097016 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite()
- Resolves: #2097452 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody
- Resolves: #2097459 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability
- Resolves: #2097481 - CVE-2022-30556 httpd: mod_lua: Information disclosure
with websockets
-
Mon Jun 27 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-6
- Related: #2065677 - httpd minimisation for ubi-micro
-
Fri Jun 24 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-5
- Resolves: #2098056 - mod_ldap: High CPU usage at apr_ldap_rebind_remove()