[El-errata] ELSA-2015-1666 Moderate: Oracle Linux Software Collections 1.2 for Oracle Linux 7 httpd24-httpd security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Feb 5 13:48:25 PST 2016 

Oracle Linux Software Collections Security Advisory ELSA-2015-1666

The following updated rpms for Oracle Linux Software Collections 1.2 for 
Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
httpd24-httpd-2.4.12-6.0.1.el7.1.x86_64.rpm
httpd24-httpd-devel-2.4.12-6.0.1.el7.1.x86_64.rpm
httpd24-httpd-manual-2.4.12-6.0.1.el7.1.noarch.rpm
httpd24-httpd-tools-2.4.12-6.0.1.el7.1.x86_64.rpm
httpd24-mod_ldap-2.4.12-6.0.1.el7.1.x86_64.rpm
httpd24-mod_proxy_html-2.4.12-6.0.1.el7.1.x86_64.rpm
httpd24-mod_session-2.4.12-6.0.1.el7.1.x86_64.rpm
httpd24-mod_ssl-2.4.12-6.0.1.el7.1.x86_64.rpm


SRPMS:
http://oss.oracle.com/SCL/1.2/OL7/SRPMS/httpd24-httpd-2.4.12-6.0.1.el7.1.src.rpm



Description of changes:

[2.4.12-6.0.1.el7.1]
- replace index.html with Oracle's index page oracle_index.html
- update vstring in specfile

[2.4.12-6.1]
- core: fix chunk header parsing defect (CVE-2015-3183)
- core: replace of ap_some_auth_required with ap_some_authn_required
   and ap_force_authn hook (CVE-2015-3185)
- core: fix pointer dereference crash with ErrorDocument 400 pointing
   to a local URL-path (CVE-2015-0253)
- mod_lua: fix possible mod_lua crash due to websocket bug (CVE-2015-0228)

[2.4.12-6]
- remove old sslsninotreq patch (#1199040)

[2.4.12-5]
- fix wrong path to document root in httpd.conf (#1196559)

[2.4.12-4]
- fix SELinux context of httpd-scl-wrapper (#1193456)

[2.4.12-3]
- include apr_skiplist and build against system APR/APR-util (#1187646)

[2.4.12-2]
- rebuild against new APR/APR-util (#1187646)

[2.4.12-1]
- update to version 2.4.12
- fix possible crash in SIGINT handling (#1184034)

[2.4.10-2]
- allow enabling additional SCLs using service-environment file
- enable mod_request by default for mod_auth_form
- move disabled-by-default modules from 00-base.conf to 00-optional.conf

[2.4.10-1]
- update to 2.4.10
- remove mod_proxy_html obsolete (#1174790)
- remove dbmmanage from httpd-tools (#1151375)
- add slash before root_libexecdir macro (#1149076)
- ab: fix integer overflow when printing stats with lot of requests 
(#1091650)
- mod_ssl: use 2048-bit RSA key with SHA-256 signature in dummy 
certificate (#1079925)

More information about the El-errata mailing list