[CLSA-2024:1724351412] httpd: Fix of 9 CVEs
Type:
security
Severity:
Critical
Release date:
2024-08-22 18:30:16 UTC
Description:
- CVE-2024-38474: mod_rewrite: server weakness with encoded question marks in backreferences - CVE-2024-38475: mod_rewrite: server weakness in mod_rewrite when first segment of substitution matches filesystem path - CVE-2024-38477: mod_proxy: crash resulting in Denial of Service in mod_proxy via a malicious request - CVE-2023-38709: http_filters: HTTP response splitting - CVE-2024-38473: mod_proxy: server proxy encoding problem - CVE-2024-39573: mod_rewrite: proxy handler substitution - CVE-2024-38476: http: server use exploitable/malicious backend application output to run local handlers via internal redirect - CVE-2024-39884: modules: source code disclosure with handlers configured via AddType. Resolving regression introduced by CVE-2024-38476 fix - CVE-2024-40725: modules: source code disclosure with handlers configured via AddType. Resolving regression introduced by CVE-2024-39884 fix
Updated packages:
  • httpd-2.4.37-39.module_el8.4.0+2208+42fb8913.1.tuxcare.els15.x86_64.rpm
    sha:2d35efe07e69984ad11c3d39b4b084f50b462b3d4df4955b192d8ddb3f62a048
  • httpd-devel-2.4.37-39.module_el8.4.0+2208+42fb8913.1.tuxcare.els15.x86_64.rpm
    sha:5b1ffa31d75cbf49fa0ffc28a86edd42318cca5b617e28a062915d51d49da8b2
  • httpd-filesystem-2.4.37-39.module_el8.4.0+2208+42fb8913.1.tuxcare.els15.noarch.rpm
    sha:69c588d70e5e4dab595b6d0497f22333078426029baf648a1d07e3db65799aa9
  • httpd-manual-2.4.37-39.module_el8.4.0+2208+42fb8913.1.tuxcare.els15.noarch.rpm
    sha:ecb99ca245047fa1d54e6a31dd90e70060094539b8fd250b12cfc3a9089c5ee0
  • httpd-tools-2.4.37-39.module_el8.4.0+2208+42fb8913.1.tuxcare.els15.x86_64.rpm
    sha:2abdf2819ce90f4fe4be1f86bb20ffa02fa72988a8dff2ea3f7785fdcc9f5e0f
  • mod_ldap-2.4.37-39.module_el8.4.0+2208+42fb8913.1.tuxcare.els15.x86_64.rpm
    sha:229abe7dace5dce60a0feec6a390723ff58512172864ddf09013b12cfb5c3f3b
  • mod_proxy_html-2.4.37-39.module_el8.4.0+2208+42fb8913.1.tuxcare.els15.x86_64.rpm
    sha:516f02b9b3f6d1b13d0f545addea9c6225b9300086a05ee618e12f3c185a299a
  • mod_session-2.4.37-39.module_el8.4.0+2208+42fb8913.1.tuxcare.els15.x86_64.rpm
    sha:95b757a32b2715d33b43b091f407cb8822c825cd00d59705aede3c919905e795
  • mod_ssl-2.4.37-39.module_el8.4.0+2208+42fb8913.1.tuxcare.els15.x86_64.rpm
    sha:b88f3f7a766337607ca0018932bf83eabfad8835d3450bd0d58bfc6d7df55064
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.