[El-errata] ELSA-2017-2479 Important: Oracle Linux 7 httpd security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Aug 15 16:59:54 PDT 2017
Oracle Linux Security Advisory ELSA-2017-2479
http://linux.oracle.com/errata/ELSA-2017-2479.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
httpd-2.4.6-67.0.1.el7_4.2.x86_64.rpm
httpd-devel-2.4.6-67.0.1.el7_4.2.x86_64.rpm
httpd-manual-2.4.6-67.0.1.el7_4.2.noarch.rpm
httpd-tools-2.4.6-67.0.1.el7_4.2.x86_64.rpm
mod_ldap-2.4.6-67.0.1.el7_4.2.x86_64.rpm
mod_proxy_html-2.4.6-67.0.1.el7_4.2.x86_64.rpm
mod_session-2.4.6-67.0.1.el7_4.2.x86_64.rpm
mod_ssl-2.4.6-67.0.1.el7_4.2.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/httpd-2.4.6-67.0.1.el7_4.2.src.rpm
Description of changes:
[2.4.6-67.0.1.el7_4.2]
- replace index.html with Oracle's index page oracle_index.html
[2.4.6-67.2]
- Resolves: #1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw()
authentication bypass
- Resolves: #1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference
- Resolves: #1463207 - CVE-2017-7679 httpd: mod_mime buffer overread
- Resolves: #1463205 - CVE-2017-7668 httpd: ap_find_token() buffer overread
- Resolves: #1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection
in mod_auth_digest
More information about the El-errata
mailing list