Release Info

Advisory: CLSA-2024:1726078096

OS: CloudLinux 7 ELS

Public date: 2024-09-11 14:08:18

Project: httpd

Version: 2.4.6-99.el7.1.tuxcare.els6

Errata link: https://errata.cloudlinux.com/cloudlinux7els/CLSA-2024-1726078096.html

Changelog

- CVE-2022-23943: Fix out-of-bound write in mod_sed - CVE-2022-22721: Fix integer overflow which resulted in out-of-bounds write - CVE-2022-28615: Fix read beyond bounds in ap_strcmp_match() - CVE-2022-31813: Fix possible bypass of IP based authentication - CVE-2021-26690: Fix NULL pointer dereference in mod_session - CVE-2022-22719: Fix possible process crash due to unnoticed failures in mod_lua - CVE-2022-29404: Fix possible DoS due to no default limit on possible input size in mod_lua - CVE-2022-26377: Fix possible HTTP request smuggling in mod_proxy_ajp - CVE-2023-31122: mod_macro: Fix out-of-bounds read vulnerability by using own strncmp function - CVE-2024-38474: mod_rewrite: server weakness with encoded question marks in backreferences - CVE-2024-38475: mod_rewrite: server weakness in mod_rewrite when first segment of substitution matches filesystem path - CVE-2024-38477: mod_proxy: crash resulting in Denial of Service in mod_proxy via a malicious request - CVE-2024-38476: http: server use exploitable/malicious backend application output to run local handlers via internal redirect - CVE-2024-39573: mod_rewrite: proxy handler substitution - CVE-2024-39884: modules: source code disclosure with handlers configured via AddType. Resolving regression introduced by CVE-2024-38476 fix - CVE-2024-40725: modules: source code disclosure with handlers configured via AddType. Resolving regression introduced by CVE-2024-39884 fix

Update

Update command: yum update httpd*

Packages list

httpd-2.4.6-99.el7.1.tuxcare.els6.x86_64.rpm httpd-devel-2.4.6-99.el7.1.tuxcare.els6.x86_64.rpm httpd-manual-2.4.6-99.el7.1.tuxcare.els6.noarch.rpm httpd-tools-2.4.6-99.el7.1.tuxcare.els6.x86_64.rpm mod_ldap-2.4.6-99.el7.1.tuxcare.els6.x86_64.rpm mod_proxy_html-2.4.6-99.el7.1.tuxcare.els6.x86_64.rpm mod_session-2.4.6-99.el7.1.tuxcare.els6.x86_64.rpm mod_ssl-2.4.6-99.el7.1.tuxcare.els6.x86_64.rpm

CVEs