[El-errata] ELSA-2024-4943 Important: Oracle Linux 7 httpd security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Sep 17 09:23:03 UTC 2024
Oracle Linux Security Advisory ELSA-2024-4943
http://linux.oracle.com/errata/ELSA-2024-4943.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
httpd-2.4.6-99.0.3.el7_9.1.x86_64.rpm
httpd-devel-2.4.6-99.0.3.el7_9.1.x86_64.rpm
httpd-manual-2.4.6-99.0.3.el7_9.1.noarch.rpm
httpd-tools-2.4.6-99.0.3.el7_9.1.x86_64.rpm
mod_ldap-2.4.6-99.0.3.el7_9.1.x86_64.rpm
mod_proxy_html-2.4.6-99.0.3.el7_9.1.x86_64.rpm
mod_session-2.4.6-99.0.3.el7_9.1.x86_64.rpm
mod_ssl-2.4.6-99.0.3.el7_9.1.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//httpd-2.4.6-99.0.3.el7_9.1.src.rpm
Related CVEs:
CVE-2024-38474
CVE-2024-38475
CVE-2024-38477
Description of changes:
[2.4.6-99.0.3.1]
- Opt-ins for unsafe prefix_stat and %3f [Orabug: 36904263][CVE-2024-38474][CVE-2024-38475]
- mod_proxy: validate hostname [Orabug: 36904263][CVE-2024-38477]
More information about the El-errata
mailing list