[El-errata] ELSA-2014-1972 Low: Oracle Linux Software Collections 1.2 for Oracle Linux 6 httpd24-httpd security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Feb 5 13:51:01 PST 2016


Oracle Linux Software Collections Security Advisory ELSA-2014-1972

The following updated rpms for Oracle Linux Software Collections 1.2 for 
Oracle Linux 6 have been uploaded to the Unbreakable Linux Network:

x86_64:
httpd24-httpd-2.4.6-22.0.1.el6.x86_64.rpm
httpd24-httpd-devel-2.4.6-22.0.1.el6.x86_64.rpm
httpd24-httpd-manual-2.4.6-22.0.1.el6.noarch.rpm
httpd24-httpd-tools-2.4.6-22.0.1.el6.x86_64.rpm
httpd24-mod_ldap-2.4.6-22.0.1.el6.x86_64.rpm
httpd24-mod_proxy_html-2.4.6-22.0.1.el6.x86_64.rpm
httpd24-mod_session-2.4.6-22.0.1.el6.x86_64.rpm
httpd24-mod_ssl-2.4.6-22.0.1.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/SCL/1.2/OL6/SRPMS/httpd24-httpd-2.4.6-22.0.1.el6.src.rpm



Description of changes:

[2.4.6-22.0.1.el6]
- remove enable-tlsv1x-thunks to fit openssl 1.x api
- replace index.html with Oracle's index page oracle_index.html
- update vstring in specfile

[2.4.6-22]
- Remove mod_proxy_fcgi fix for heap-based buffer overflow,
   httpd-2.4.6 is not affected (CVE-2014-3583)

[2.4.6-21]
- mod_proxy_wstunnel: Fix the use of SSL with the "wss:" scheme (#1141950)

[2.4.6-20]
- core: fix bypassing of mod_headers rules via chunked requests
   (CVE-2013-5704)
- mod_cache: fix NULL pointer dereference on empty Content-Type
   (CVE-2014-3581)
- mod_proxy_fcgi: fix heap-based buffer overflow (CVE-2014-3583)

[2.4.6-19]
- mod_cgid: add security fix for CVE-2014-0231
- mod_proxy: add security fix for CVE-2014-0117
- mod_deflate: add security fix for CVE-2014-0118
- mod_status: add security fix for CVE-2014-0226
- mod_cache: add security fix for CVE-2013-4352



