[CLSA-2024:1724351166] httpd: Fix of 9 CVEs
Type: security
Severity: Critical
Release date: 2024-08-22 18:26:09 UTC
Description:
- CVE-2024-38474: mod_rewrite: server weakness with encoded question marks in backreferences
- CVE-2024-38475: mod_rewrite: server weakness in mod_rewrite when first segment of substitution matches filesystem path
- CVE-2024-38477: mod_proxy: crash resulting in Denial of Service in mod_proxy via a malicious request
- CVE-2023-38709: http_filters: HTTP response splitting
- CVE-2024-38473: mod_proxy: server proxy encoding problem
- CVE-2024-39573: mod_rewrite: proxy handler substitution
- CVE-2024-38476: http: server use exploitable/malicious backend application output to run local handlers via internal redirect
- CVE-2024-39884: modules: source code disclosure with handlers configured via AddType. Resolving regression introduced by CVE-2024-38476 fix
- CVE-2024-40725: modules: source code disclosure with handlers configured via AddType. Resolving regression introduced by CVE-2024-39884 fix
Updated packages:
  • httpd-2.4.37-64.module_el8+2207+9493da45.tuxcare.els1.x86_64.rpm
    sha:3669a812c31697fc385abd1b9367e5ff4adcbce361eaf956c6f72d9461d02c4d
  • httpd-devel-2.4.37-64.module_el8+2207+9493da45.tuxcare.els1.x86_64.rpm
    sha:dc5a7e5b224b0264a9ba3a7d7d01208330a16f02288b68711ed65fbb5e2be31a
  • httpd-filesystem-2.4.37-64.module_el8+2207+9493da45.tuxcare.els1.noarch.rpm
    sha:178de7fb53c5a6b9c844b5009061c534815869fd9c313b48b4ecef4bf8da26cc
  • httpd-manual-2.4.37-64.module_el8+2207+9493da45.tuxcare.els1.noarch.rpm
    sha:e236b9a2fba34f05b83099ee7514f9f0d7e63c59cc66742298eafa9b8c088d7b
  • httpd-tools-2.4.37-64.module_el8+2207+9493da45.tuxcare.els1.x86_64.rpm
    sha:73b277c8a43ec8907c90cef2210d8119aeccd6ba1229d1b2970eb5903681c251
  • mod_ldap-2.4.37-64.module_el8+2207+9493da45.tuxcare.els1.x86_64.rpm
    sha:61aebd03d867926f1fe52075fc91b7d5ccb479e32b063c48a1f9d0738257f093
  • mod_proxy_html-2.4.37-64.module_el8+2207+9493da45.tuxcare.els1.x86_64.rpm
    sha:8cd17b43e8d70f275e5a610a1c920d614d594d050546cd6e45e6268d3e46153d
  • mod_session-2.4.37-64.module_el8+2207+9493da45.tuxcare.els1.x86_64.rpm
    sha:b1092a2ff8d3c3a2eea5ec3e254c575dcd354302ebedcd73b8ba89acb5e13e02
  • mod_ssl-2.4.37-64.module_el8+2207+9493da45.tuxcare.els1.x86_64.rpm
    sha:0aa936a0f145cacd4e0cfe304c72c16b42ec92aab59db8c2b99a2738d218aa6d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.