[Apollo] Advisories Statistics light light Login

RLSA-2023:0852

Security Mirrored from RHSA-2023:0852
Issued at: 2023-02-22
Updated at: 2023-02-22

Synopsis

Moderate: httpd:2.4 security and bug fix update



Description

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)

* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)

* httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* httpd-init fails to create localhost.crt, localhost.key due to "sscg" default now creates a /dhparams.pem and is not idempotent if the file /dhparams.pem already exists. (BZ#2165967)



Affected products

Rocky Linux 8 aarch64 Rocky Linux 8 x86_64

Fixes

2161773 2161774 2161777 2165967

CVEs

CVE-2006-20001 CVE-2022-36760 CVE-2022-37436

Affected packages

Rocky Linux 8 aarch64 - AppStream

httpd-0:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm httpd-0:2.4.37-51.module+el8.7.0+1059+126e9251.src.rpm httpd-debuginfo-0:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm httpd-debugsource-0:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm httpd-devel-0:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm httpd-filesystem-0:2.4.37-51.module+el8.7.0+1059+126e9251.noarch.rpm httpd-manual-0:2.4.37-51.module+el8.7.0+1059+126e9251.noarch.rpm httpd-tools-0:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm httpd-tools-debuginfo-0:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm mod_http2-0:1.15.7-5.module+el8.6.0+823+f143cee1.aarch64.rpm mod_http2-0:1.15.7-5.module+el8.6.0+823+f143cee1.src.rpm mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+823+f143cee1.aarch64.rpm mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+823+f143cee1.aarch64.rpm mod_ldap-0:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm mod_ldap-debuginfo-0:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm mod_md-1:2.0.8-8.module+el8.5.0+695+1fa8055e.aarch64.rpm mod_md-1:2.0.8-8.module+el8.5.0+695+1fa8055e.src.rpm mod_md-debuginfo-1:2.0.8-8.module+el8.5.0+695+1fa8055e.aarch64.rpm mod_md-debugsource-1:2.0.8-8.module+el8.5.0+695+1fa8055e.aarch64.rpm mod_proxy_html-1:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm mod_proxy_html-debuginfo-1:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm mod_session-0:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm mod_session-debuginfo-0:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm mod_ssl-1:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm mod_ssl-debuginfo-1:2.4.37-51.module+el8.7.0+1059+126e9251.aarch64.rpm

Rocky Linux 8 x86_64 - AppStream

httpd-0:2.4.37-51.module+el8.7.0+1059+126e9251.src.rpm httpd-0:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm httpd-debuginfo-0:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm httpd-debugsource-0:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm httpd-devel-0:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm httpd-filesystem-0:2.4.37-51.module+el8.7.0+1059+126e9251.noarch.rpm httpd-manual-0:2.4.37-51.module+el8.7.0+1059+126e9251.noarch.rpm httpd-tools-0:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm httpd-tools-debuginfo-0:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm mod_http2-0:1.15.7-5.module+el8.6.0+823+f143cee1.src.rpm mod_http2-0:1.15.7-5.module+el8.6.0+823+f143cee1.x86_64.rpm mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+823+f143cee1.x86_64.rpm mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+823+f143cee1.x86_64.rpm mod_ldap-0:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm mod_ldap-debuginfo-0:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm mod_md-1:2.0.8-8.module+el8.5.0+695+1fa8055e.src.rpm mod_md-1:2.0.8-8.module+el8.5.0+695+1fa8055e.x86_64.rpm mod_md-debuginfo-1:2.0.8-8.module+el8.5.0+695+1fa8055e.x86_64.rpm mod_md-debugsource-1:2.0.8-8.module+el8.5.0+695+1fa8055e.x86_64.rpm mod_proxy_html-1:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm mod_proxy_html-debuginfo-1:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm mod_session-0:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm mod_session-debuginfo-0:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm mod_ssl-1:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm mod_ssl-debuginfo-1:2.4.37-51.module+el8.7.0+1059+126e9251.x86_64.rpm