[CLSA-2024:1724706840] httpd: Fix of 8 CVEs
Type:
security
Severity:
Critical
Release date:
2024-08-26 21:14:04 UTC
Description:
- CVE-2024-38474: mod_rewrite: server weakness with encoded question marks in backreferences - CVE-2024-38475: mod_rewrite: server weakness in mod_rewrite when first segment of substitution matches filesystem path - CVE-2024-38477: mod_proxy: crash resulting in Denial of Service in mod_proxy via a malicious request - CVE-2024-38473: mod_proxy: server proxy encoding problem - CVE-2024-39573: mod_rewrite: proxy handler substitution - CVE-2024-38476: http: server use exploitable/malicious backend application output to run local handlers via internal redirect - CVE-2024-39884: modules: source code disclosure with handlers configured via AddType. Resolving regression introduced by CVE-2024-38476 fix - CVE-2024-40725: modules: source code disclosure with handlers configured via AddType. Resolving regression introduced by CVE-2024-39884 fix
Updated packages:
  • httpd-2.4.53-11.el9_2.5.tuxcare.els3.x86_64.rpm
    sha:bcc180cc8945700623c5dd7f2b6f7633fe865ae1b7bf767d21df89b78ccd9cab
  • httpd-core-2.4.53-11.el9_2.5.tuxcare.els3.x86_64.rpm
    sha:e03f8798428a81a1126a7438f0021eae54523eac954bfdeab9679c5025dedf67
  • httpd-devel-2.4.53-11.el9_2.5.tuxcare.els3.x86_64.rpm
    sha:38d4621d68d47f7521b65576226ed089bc508c4393f70bbee9405922eb5943b7
  • httpd-filesystem-2.4.53-11.el9_2.5.tuxcare.els3.noarch.rpm
    sha:3ec92554c9ab54e5b83f5aeea775576f1e3737508898b37d42f27f9cc42a8782
  • httpd-manual-2.4.53-11.el9_2.5.tuxcare.els3.noarch.rpm
    sha:2b16366ef81012f8ce47b6450759e21701e902854fcbd900c4f491285827916f
  • httpd-tools-2.4.53-11.el9_2.5.tuxcare.els3.x86_64.rpm
    sha:5b05982f5a59536a9f169e047d4186088f4ca02120622372595be1fa2a186934
  • mod_ldap-2.4.53-11.el9_2.5.tuxcare.els3.x86_64.rpm
    sha:af2f193f09d57f5fa6d4a190e44ac6f707b9cebefdea9d9786169ce79a6944a6
  • mod_lua-2.4.53-11.el9_2.5.tuxcare.els3.x86_64.rpm
    sha:1d61420551d2fdcb0645ee03baaa484a9bcfb21f5c5d3a064763e114675349ab
  • mod_proxy_html-2.4.53-11.el9_2.5.tuxcare.els3.x86_64.rpm
    sha:8bbc1724ade5ce1e3d303b17898f562a24ffe9d540fe7beae63c3714ef03ea4e
  • mod_session-2.4.53-11.el9_2.5.tuxcare.els3.x86_64.rpm
    sha:29f65944e2b282e0fb47509f3c57346084a8a3053bef09146fc50d4b76f50b63
  • mod_ssl-2.4.53-11.el9_2.5.tuxcare.els3.x86_64.rpm
    sha:585bc5690ddf31b63f1b9c6df71c92b72d4c952360c01216e29fa2e21b7185c4
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.