[El-errata] ELSA-2015-1666 Moderate: Oracle Linux Software Collections 1.2 for Oracle Linux 7 httpd24-httpd security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Fri Feb 5 13:48:25 PST 2016
Oracle Linux Software Collections Security Advisory ELSA-2015-1666
The following updated rpms for Oracle Linux Software Collections 1.2 for
Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
httpd24-httpd-2.4.12-6.0.1.el7.1.x86_64.rpm
httpd24-httpd-devel-2.4.12-6.0.1.el7.1.x86_64.rpm
httpd24-httpd-manual-2.4.12-6.0.1.el7.1.noarch.rpm
httpd24-httpd-tools-2.4.12-6.0.1.el7.1.x86_64.rpm
httpd24-mod_ldap-2.4.12-6.0.1.el7.1.x86_64.rpm
httpd24-mod_proxy_html-2.4.12-6.0.1.el7.1.x86_64.rpm
httpd24-mod_session-2.4.12-6.0.1.el7.1.x86_64.rpm
httpd24-mod_ssl-2.4.12-6.0.1.el7.1.x86_64.rpm
SRPMS:
http://oss.oracle.com/SCL/1.2/OL7/SRPMS/httpd24-httpd-2.4.12-6.0.1.el7.1.src.rpm
Description of changes:
[2.4.12-6.0.1.el7.1]
- replace index.html with Oracle's index page oracle_index.html
- update vstring in specfile
[2.4.12-6.1]
- core: fix chunk header parsing defect (CVE-2015-3183)
- core: replace of ap_some_auth_required with ap_some_authn_required
and ap_force_authn hook (CVE-2015-3185)
- core: fix pointer dereference crash with ErrorDocument 400 pointing
to a local URL-path (CVE-2015-0253)
- mod_lua: fix possible mod_lua crash due to websocket bug (CVE-2015-0228)
[2.4.12-6]
- remove old sslsninotreq patch (#1199040)
[2.4.12-5]
- fix wrong path to document root in httpd.conf (#1196559)
[2.4.12-4]
- fix SELinux context of httpd-scl-wrapper (#1193456)
[2.4.12-3]
- include apr_skiplist and build against system APR/APR-util (#1187646)
[2.4.12-2]
- rebuild against new APR/APR-util (#1187646)
[2.4.12-1]
- update to version 2.4.12
- fix possible crash in SIGINT handling (#1184034)
[2.4.10-2]
- allow enabling additional SCLs using service-environment file
- enable mod_request by default for mod_auth_form
- move disabled-by-default modules from 00-base.conf to 00-optional.conf
[2.4.10-1]
- update to 2.4.10
- remove mod_proxy_html obsolete (#1174790)
- remove dbmmanage from httpd-tools (#1151375)
- add slash before root_libexecdir macro (#1149076)
- ab: fix integer overflow when printing stats with lot of requests
(#1091650)
- mod_ssl: use 2048-bit RSA key with SHA-256 signature in dummy
certificate (#1079925)
More information about the El-errata
mailing list