[CLSA-2024:1724351427] httpd: Fix of 9 CVEs
Type: security
Severity: Critical
Release date: 2024-08-22 18:31:35 UTC
Description:
- CVE-2024-38474: mod_rewrite: server weakness with encoded question marks in backreferences
- CVE-2024-38475: mod_rewrite: server weakness in mod_rewrite when first segment of substitution matches filesystem path
- CVE-2024-38477: mod_proxy: crash resulting in Denial of Service in mod_proxy via a malicious request
- CVE-2023-38709: http_filters: HTTP response splitting
- CVE-2024-38473: mod_proxy: server proxy encoding problem
- CVE-2024-39573: mod_rewrite: proxy handler substitution
- CVE-2024-38476: http: server use exploitable/malicious backend application output to run local handlers via internal redirect
- CVE-2024-39884: modules: source code disclosure with handlers configured via AddType. Resolving regression introduced by CVE-2024-38476 fix
- CVE-2024-40725: modules: source code disclosure with handlers configured via AddType. Resolving regression introduced by CVE-2024-39884 fix
Updated packages:
  • httpd-2.4.37-43.module_el8.5.0+2210+0ce89f10.tuxcare.els14.x86_64.rpm
    sha:deb56e51e076ed4773aa5f0c190348f1be3899b10b5962e21c05960f5e65b353
  • httpd-devel-2.4.37-43.module_el8.5.0+2210+0ce89f10.tuxcare.els14.x86_64.rpm
    sha:c735931820b81cff6dc25f43f198a5b844e2f47bb66264fddc6d4b440ec5dddd
  • httpd-filesystem-2.4.37-43.module_el8.5.0+2210+0ce89f10.tuxcare.els14.noarch.rpm
    sha:e4eb9b00d4912199b2984158415bde0469471e38a30dcf397533193cf0c00856
  • httpd-manual-2.4.37-43.module_el8.5.0+2210+0ce89f10.tuxcare.els14.noarch.rpm
    sha:af0647abafc895e9501fa814ea1e3beac099871c131d39554239dd309a399ed8
  • httpd-tools-2.4.37-43.module_el8.5.0+2210+0ce89f10.tuxcare.els14.x86_64.rpm
    sha:977d49f91ec4234380e11ecd80374d43a13fe1fbdc72ef3391ff6849df006dc8
  • mod_ldap-2.4.37-43.module_el8.5.0+2210+0ce89f10.tuxcare.els14.x86_64.rpm
    sha:f32f6581a86a28a6302b7632603ee106df830a695f236029d4d8c025f3fd32b8
  • mod_proxy_html-2.4.37-43.module_el8.5.0+2210+0ce89f10.tuxcare.els14.x86_64.rpm
    sha:4b8b272a69a271ff5f0362f8e53cabbe805c386bdc416c9fd02a3c05e76e9614
  • mod_session-2.4.37-43.module_el8.5.0+2210+0ce89f10.tuxcare.els14.x86_64.rpm
    sha:c12a34e0d8f837c22e95fd20b560159eb020a273697b51a151d05dec4422ed1a
  • mod_ssl-2.4.37-43.module_el8.5.0+2210+0ce89f10.tuxcare.els14.x86_64.rpm
    sha:b1228b892836f467f0e7840e318f3d0826a201360ec32cb5644ab8f30fb1ec16
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.