Headline
RHSA-2022:1075: Red Hat Security Advisory: httpd24-httpd security update
An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-22720: httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
- Red Hat CodeReady Studio
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-03-28
Updated:
2022-03-28
RHSA-2022:1075 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: httpd24-httpd security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for httpd24-httpd is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
- httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
Affected Products
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
- Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
- Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
- Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
Fixes
- BZ - 2064321 - CVE-2022-22720 httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7
SRPM
httpd24-httpd-2.4.34-23.el7.2.src.rpm
SHA-256: eebf4275865e2b0791a616cd53e56143345e69ffab42ae0477e065d55be0f697
x86_64
httpd24-httpd-2.4.34-23.el7.2.x86_64.rpm
SHA-256: 900ecb6b754ab189199cd57a93d57f77eef470d4b05a1e3b49eefc172dc03516
httpd24-httpd-debuginfo-2.4.34-23.el7.2.x86_64.rpm
SHA-256: 25aa83acee36052b828bdad2659aa01bbdb4c7f22d38bcf335a73a42babd0569
httpd24-httpd-devel-2.4.34-23.el7.2.x86_64.rpm
SHA-256: 15319a50b39125d9afde9499e92062e32c4a17e790a40586f4959c84db2260e8
httpd24-httpd-manual-2.4.34-23.el7.2.noarch.rpm
SHA-256: 7e8932128e9e4505bde010b148b3887fdb76bad93e3662179585fe8412fda617
httpd24-httpd-tools-2.4.34-23.el7.2.x86_64.rpm
SHA-256: ac00c4059cbf40679d357543a73f0cb28afc8343ea611ce3aa40d75ea5ba65aa
httpd24-mod_ldap-2.4.34-23.el7.2.x86_64.rpm
SHA-256: 9fcc19e39afc599af85cafcff06c8c171f30adfd4da30b3df86a42e94ead6bfb
httpd24-mod_proxy_html-2.4.34-23.el7.2.x86_64.rpm
SHA-256: a0a5b2c06d6063e343f29dfdf251cbe3885edf1464d1881500be6bc056b0117e
httpd24-mod_session-2.4.34-23.el7.2.x86_64.rpm
SHA-256: 9e5a2f6277e498c02e3f3668c23c07cb18f484fcb68de9d463796c60bd4af470
httpd24-mod_ssl-2.4.34-23.el7.2.x86_64.rpm
SHA-256: c06aaf1c1d52bdf164c59e28afce56b80630f966a21162e1a9585a9377ff8047
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7
SRPM
httpd24-httpd-2.4.34-23.el7.2.src.rpm
SHA-256: eebf4275865e2b0791a616cd53e56143345e69ffab42ae0477e065d55be0f697
s390x
httpd24-httpd-2.4.34-23.el7.2.s390x.rpm
SHA-256: 8c909d1fb3337f5089f7f038d04d85d28a402e7d5e666e6838cd93215944b12a
httpd24-httpd-debuginfo-2.4.34-23.el7.2.s390x.rpm
SHA-256: 39a15e030fde2c4fcf2196f715586b1909b015a068472882932b0528acabfd97
httpd24-httpd-devel-2.4.34-23.el7.2.s390x.rpm
SHA-256: d3be0126bc3240f83636b1ea7a1e308f20d1d6411e568f2ba19f8cd4f446ed3b
httpd24-httpd-manual-2.4.34-23.el7.2.noarch.rpm
SHA-256: 7e8932128e9e4505bde010b148b3887fdb76bad93e3662179585fe8412fda617
httpd24-httpd-tools-2.4.34-23.el7.2.s390x.rpm
SHA-256: d889ab2beaf7e95c386059febff82e242ea8e6472550fce22408894144d3362a
httpd24-mod_ldap-2.4.34-23.el7.2.s390x.rpm
SHA-256: 32b7e82fa574e2052d25c92adbe24f11f920057c8ed40deb2da07e2758adcc69
httpd24-mod_proxy_html-2.4.34-23.el7.2.s390x.rpm
SHA-256: 629c77ac660c9bf6c8cd0a66a739913060298c7acdb016438c87b905d8939bb6
httpd24-mod_session-2.4.34-23.el7.2.s390x.rpm
SHA-256: 2a8cbb8d969cff0a82a155f183b0fd52df87a943673d9ab3dd54dab7546c421f
httpd24-mod_ssl-2.4.34-23.el7.2.s390x.rpm
SHA-256: 7203d2cb04f63e21df4a69b0d3484cd355bddcfc3dc7eea47f7ffa6acfb7dd43
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7
SRPM
httpd24-httpd-2.4.34-23.el7.2.src.rpm
SHA-256: eebf4275865e2b0791a616cd53e56143345e69ffab42ae0477e065d55be0f697
ppc64le
httpd24-httpd-2.4.34-23.el7.2.ppc64le.rpm
SHA-256: a13a1089e27c71363ef8751bf813541b369d3cf0dd3873a1d8ad4cb179f8aaa6
httpd24-httpd-debuginfo-2.4.34-23.el7.2.ppc64le.rpm
SHA-256: adb0ac082b1f960137e42c440a7eff3915315e8fb2c3f9f1861fc0d80ef082e2
httpd24-httpd-devel-2.4.34-23.el7.2.ppc64le.rpm
SHA-256: 7c1536f7004742e6ff6eeff8e88c1bc830c8d4162f0e33a1bd34d1d244b59cad
httpd24-httpd-manual-2.4.34-23.el7.2.noarch.rpm
SHA-256: 7e8932128e9e4505bde010b148b3887fdb76bad93e3662179585fe8412fda617
httpd24-httpd-tools-2.4.34-23.el7.2.ppc64le.rpm
SHA-256: 13d0158ad899b660e2e777d35f409ef006e96e7400c192520c18dc5eca8c5378
httpd24-mod_ldap-2.4.34-23.el7.2.ppc64le.rpm
SHA-256: d57438bdda1f70420b7e032c6eacde6263c0797e08760a411d25bb1491a83288
httpd24-mod_proxy_html-2.4.34-23.el7.2.ppc64le.rpm
SHA-256: bf8266e79a1f4c076ae15c5f2184733969f29287d2dcd418af262944cf2cdca5
httpd24-mod_session-2.4.34-23.el7.2.ppc64le.rpm
SHA-256: 1802dfc1730c744c364ba4e145213dfeaebb64368ee325bba8851b216a7c6f21
httpd24-mod_ssl-2.4.34-23.el7.2.ppc64le.rpm
SHA-256: 9074fea0d66a505e09ff892d82163c47a1457f7911f0c8b74d8a09215ee8c20f
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7
SRPM
httpd24-httpd-2.4.34-23.el7.2.src.rpm
SHA-256: eebf4275865e2b0791a616cd53e56143345e69ffab42ae0477e065d55be0f697
x86_64
httpd24-httpd-2.4.34-23.el7.2.x86_64.rpm
SHA-256: 900ecb6b754ab189199cd57a93d57f77eef470d4b05a1e3b49eefc172dc03516
httpd24-httpd-debuginfo-2.4.34-23.el7.2.x86_64.rpm
SHA-256: 25aa83acee36052b828bdad2659aa01bbdb4c7f22d38bcf335a73a42babd0569
httpd24-httpd-devel-2.4.34-23.el7.2.x86_64.rpm
SHA-256: 15319a50b39125d9afde9499e92062e32c4a17e790a40586f4959c84db2260e8
httpd24-httpd-manual-2.4.34-23.el7.2.noarch.rpm
SHA-256: 7e8932128e9e4505bde010b148b3887fdb76bad93e3662179585fe8412fda617
httpd24-httpd-tools-2.4.34-23.el7.2.x86_64.rpm
SHA-256: ac00c4059cbf40679d357543a73f0cb28afc8343ea611ce3aa40d75ea5ba65aa
httpd24-mod_ldap-2.4.34-23.el7.2.x86_64.rpm
SHA-256: 9fcc19e39afc599af85cafcff06c8c171f30adfd4da30b3df86a42e94ead6bfb
httpd24-mod_proxy_html-2.4.34-23.el7.2.x86_64.rpm
SHA-256: a0a5b2c06d6063e343f29dfdf251cbe3885edf1464d1881500be6bc056b0117e
httpd24-mod_session-2.4.34-23.el7.2.x86_64.rpm
SHA-256: 9e5a2f6277e498c02e3f3668c23c07cb18f484fcb68de9d463796c60bd4af470
httpd24-mod_ssl-2.4.34-23.el7.2.x86_64.rpm
SHA-256: c06aaf1c1d52bdf164c59e28afce56b80630f966a21162e1a9585a9377ff8047
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.