Headline
RHSA-2022:0143: Red Hat Security Advisory: httpd security update
An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-26691: httpd: mod_session: Heap overflow via a crafted SessionHeader value
- CVE-2021-34798: httpd: NULL pointer dereference via malformed requests
- CVE-2021-39275: httpd: Out-of-bounds write in ap_escape_quotes() via malicious input
- CVE-2021-44790: httpd: mod_lua: Possible buffer overflow when parsing multipart content
Synopsis
Important: httpd security update
Type/Severity
Security Advisory: Important
Topic
An update for httpd is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
- httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)
- httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)
- httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)
- httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Fixes
- BZ - 1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value
- BZ - 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input
- BZ - 2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests
- BZ - 2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content
CVEs
- CVE-2021-26691
- CVE-2021-34798
- CVE-2021-39275
- CVE-2021-44790
Red Hat Enterprise Linux Server 7
SRPM
httpd-2.4.6-97.el7_9.4.src.rpm
x86_64
httpd-2.4.6-97.el7_9.4.x86_64.rpm
httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm
httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm
httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm
mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm
mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm
mod_session-2.4.6-97.el7_9.4.x86_64.rpm
mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Workstation 7
SRPM
httpd-2.4.6-97.el7_9.4.src.rpm
x86_64
httpd-2.4.6-97.el7_9.4.x86_64.rpm
httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm
httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm
httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm
mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm
mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm
mod_session-2.4.6-97.el7_9.4.x86_64.rpm
mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Desktop 7
SRPM
httpd-2.4.6-97.el7_9.4.src.rpm
x86_64
httpd-2.4.6-97.el7_9.4.x86_64.rpm
httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm
httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm
httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm
mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm
mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm
mod_session-2.4.6-97.el7_9.4.x86_64.rpm
mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 7
SRPM
httpd-2.4.6-97.el7_9.4.src.rpm
s390x
httpd-2.4.6-97.el7_9.4.s390x.rpm
httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm
httpd-devel-2.4.6-97.el7_9.4.s390x.rpm
httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
httpd-tools-2.4.6-97.el7_9.4.s390x.rpm
mod_ldap-2.4.6-97.el7_9.4.s390x.rpm
mod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm
mod_session-2.4.6-97.el7_9.4.s390x.rpm
mod_ssl-2.4.6-97.el7_9.4.s390x.rpm
Red Hat Enterprise Linux for Power, big endian 7
SRPM
httpd-2.4.6-97.el7_9.4.src.rpm
ppc64
httpd-2.4.6-97.el7_9.4.ppc64.rpm
httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm
httpd-devel-2.4.6-97.el7_9.4.ppc64.rpm
httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
httpd-tools-2.4.6-97.el7_9.4.ppc64.rpm
mod_ldap-2.4.6-97.el7_9.4.ppc64.rpm
mod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm
mod_session-2.4.6-97.el7_9.4.ppc64.rpm
mod_ssl-2.4.6-97.el7_9.4.ppc64.rpm
Red Hat Enterprise Linux for Scientific Computing 7
SRPM
httpd-2.4.6-97.el7_9.4.src.rpm
x86_64
httpd-2.4.6-97.el7_9.4.x86_64.rpm
httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm
httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm
httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm
mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm
mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm
mod_session-2.4.6-97.el7_9.4.x86_64.rpm
mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux for Power, little endian 7
SRPM
httpd-2.4.6-97.el7_9.4.src.rpm
ppc64le
httpd-2.4.6-97.el7_9.4.ppc64le.rpm
httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm
httpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm
httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
httpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm
mod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm
mod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm
mod_session-2.4.6-97.el7_9.4.ppc64le.rpm
mod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm