Release Info

Advisory: CLSA-2024:1725382183

OS: CentOS 7 ELS

Public date: 2024-09-03 12:49:45

Project: httpd

Version: 2.4.6-99.el7.centos.1.tuxcare.els6

Errata link: https://errata.tuxcare.com/els_os/centos7els/CLSA-2024-1725382183.html

Changelog

- CVE-2023-38709: faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses
- CVE-2024-24795: HTTP response splitting in multiple modules allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack

Update

Update command: yum update httpd*

Packages list

httpd-2.4.6-99.el7.centos.1.tuxcare.els6.x86_64.rpm
httpd-devel-2.4.6-99.el7.centos.1.tuxcare.els6.x86_64.rpm
httpd-manual-2.4.6-99.el7.centos.1.tuxcare.els6.noarch.rpm
httpd-tools-2.4.6-99.el7.centos.1.tuxcare.els6.x86_64.rpm
mod_ldap-2.4.6-99.el7.centos.1.tuxcare.els6.x86_64.rpm
mod_proxy_html-2.4.6-99.el7.centos.1.tuxcare.els6.x86_64.rpm
mod_session-2.4.6-99.el7.centos.1.tuxcare.els6.x86_64.rpm
mod_ssl-2.4.6-99.el7.centos.1.tuxcare.els6.x86_64.rpm

CVEs

CVE-2024-24795
CVE-2023-38709