RHSA-2022:0288: Red Hat Security Advisory: httpd:2.4 security update

Skip to navigation Skip to main content

Utilities

• Subscriptions
• Downloads
• Containers
• Support Cases

Infrastructure and Management

• Red Hat Enterprise Linux
• Red Hat Virtualization
• Red Hat Identity Management
• Red Hat Directory Server
• Red Hat Certificate System
• Red Hat Satellite
• Red Hat Subscription Management
• Red Hat Update Infrastructure
• Red Hat Insights
• Red Hat Ansible Automation Platform

Cloud Computing

• Red Hat OpenShift
• Red Hat CloudForms
• Red Hat OpenStack Platform
• Red Hat OpenShift Container Platform
• Red Hat OpenShift Data Science
• Red Hat OpenShift Online
• Red Hat OpenShift Dedicated
• Red Hat Advanced Cluster Security for Kubernetes
• Red Hat Advanced Cluster Management for Kubernetes
• Red Hat Quay
• Red Hat CodeReady Workspaces
• Red Hat OpenShift Service on AWS

Storage

• Red Hat Gluster Storage
• Red Hat Hyperconverged Infrastructure
• Red Hat Ceph Storage
• Red Hat OpenShift Data Foundation

Runtimes

• Red Hat Runtimes
• Red Hat JBoss Enterprise Application Platform
• Red Hat Data Grid
• Red Hat JBoss Web Server
• Red Hat Single Sign On
• Red Hat support for Spring Boot
• Red Hat build of Node.js
• Red Hat build of Thorntail
• Red Hat build of Eclipse Vert.x
• Red Hat build of OpenJDK
• Red Hat build of Quarkus
• Red Hat CodeReady Studio

Integration and Automation

• Red Hat Process Automation
• Red Hat Process Automation Manager
• Red Hat Decision Manager

All Products

Issued:

2022-01-26

Updated:

2022-01-26

RHSA-2022:0288 - Security Advisory

• Overview
• Updated Packages

Synopsis

Important: httpd:2.4 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

• httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

Affected Products

• Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
• Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64

Fixes

• BZ - 2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1

SRPM

httpd-2.4.37-16.module+el8.1.0+13809+822d170a.3.src.rpm

SHA-256: 0ed1bdbcea0df0c6a6d56cb459d7612038896a79dfd7093cdc88a73ee3f27a1f

mod_http2-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.src.rpm

SHA-256: 3f4da30a587ee725ccbd0c37e7c0530983bdcdfbe80c64e8e5d8ab032b016381

ppc64le

httpd-filesystem-2.4.37-16.module+el8.1.0+13809+822d170a.3.noarch.rpm

SHA-256: 2bb779a60b4c480384e2d89872a5673075ef7d31ef62d76cba5b0c7f5c793897

httpd-manual-2.4.37-16.module+el8.1.0+13809+822d170a.3.noarch.rpm

SHA-256: 83f1e42e39bc952d717f9b070a9b7243462d30b0cfc80eda5cdf7bfa4f19ad47

httpd-2.4.37-16.module+el8.1.0+13809+822d170a.3.ppc64le.rpm

SHA-256: 9df53339fa29def8cfc22ec2cb4edeb9cac727ca5c043e5067ca5f70ab0a3124

httpd-debuginfo-2.4.37-16.module+el8.1.0+13809+822d170a.3.ppc64le.rpm

SHA-256: c9f32d0e3b596937cf1d903df4ee2c39970a4e444af9ebbe78c99231cf123742

httpd-debugsource-2.4.37-16.module+el8.1.0+13809+822d170a.3.ppc64le.rpm

SHA-256: 534717601d97612e34aff94ce795c632400cf12c8b1669ec884d39dda84c8234

httpd-devel-2.4.37-16.module+el8.1.0+13809+822d170a.3.ppc64le.rpm

SHA-256: de4b4c29dcd627d6bbe0f08c783a853b7bbd81db52c1683b71e969623bb2c916

httpd-tools-2.4.37-16.module+el8.1.0+13809+822d170a.3.ppc64le.rpm

SHA-256: 5087bea881f6ef0622747550a4d14c3b661f95822089abbd7c4bbfbe47e5698d

httpd-tools-debuginfo-2.4.37-16.module+el8.1.0+13809+822d170a.3.ppc64le.rpm

SHA-256: ffb90ff567dfe49013d761a8f8fef401413234bbfc0824120fb78acec1c1bc75

mod_http2-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.ppc64le.rpm

SHA-256: fd47cafe61d5d196a65a8e55028d400019e869aa5d2b5af964b80264d5827423

mod_http2-debuginfo-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.ppc64le.rpm

SHA-256: 099456aa25db548b8fc799fcf678f6a8d081d7baf7fd3b14996d82ea4cd695fd

mod_http2-debugsource-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.ppc64le.rpm

SHA-256: 87e5555fec965361242c991ba2cc98acd3bebd055b37af4ebe929f819179324f

mod_ldap-2.4.37-16.module+el8.1.0+13809+822d170a.3.ppc64le.rpm

SHA-256: 4c1ecb7768575a794298ce39f9b4a2535db78db7d4b5c130e5ecb00d8cc29a6b

mod_ldap-debuginfo-2.4.37-16.module+el8.1.0+13809+822d170a.3.ppc64le.rpm

SHA-256: 80231ac53597bf1e4d347318afaadca2ec5d82a54c864c43f56efc0776721f8b

mod_md-2.4.37-16.module+el8.1.0+13809+822d170a.3.ppc64le.rpm

SHA-256: 93930a8b70268a0886af894c7154622aad2e3c64446fc0a9c7a46d8a9c1fd6bc

mod_md-debuginfo-2.4.37-16.module+el8.1.0+13809+822d170a.3.ppc64le.rpm

SHA-256: 052f8f700523839490b80ed26649584318593423e6adee14bcd5d9a9e6a8b063

mod_proxy_html-2.4.37-16.module+el8.1.0+13809+822d170a.3.ppc64le.rpm

SHA-256: 25184ef933fa495bc818c1c5b6c257f7b6d0cc8490778d2d216bd1981b254be7

mod_proxy_html-debuginfo-2.4.37-16.module+el8.1.0+13809+822d170a.3.ppc64le.rpm

SHA-256: 353313692186420c3ba4f298ae1f018dee5086dd8665382495532e38f434dca2

mod_session-2.4.37-16.module+el8.1.0+13809+822d170a.3.ppc64le.rpm

SHA-256: bedccdd31296fc1f16c960949c722b554f77d9718bf71f34bd8f77616e70657b

mod_session-debuginfo-2.4.37-16.module+el8.1.0+13809+822d170a.3.ppc64le.rpm

SHA-256: c6a2d1ff80c8fe44e7b1c23cb2d63270f53d6842d8fa8b5455466a6d4e56e227

mod_ssl-2.4.37-16.module+el8.1.0+13809+822d170a.3.ppc64le.rpm

SHA-256: a5f5882db56ec5b1cde43531b413171cd9a710082fe478179e990faf69cce59e

mod_ssl-debuginfo-2.4.37-16.module+el8.1.0+13809+822d170a.3.ppc64le.rpm

SHA-256: c29f31f0918c98ccb8252b1299c08f127f732286eb998c4192888f45615e9cd6

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1

SRPM

httpd-2.4.37-16.module+el8.1.0+13809+822d170a.3.src.rpm

SHA-256: 0ed1bdbcea0df0c6a6d56cb459d7612038896a79dfd7093cdc88a73ee3f27a1f

mod_http2-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.src.rpm

SHA-256: 3f4da30a587ee725ccbd0c37e7c0530983bdcdfbe80c64e8e5d8ab032b016381

x86_64

httpd-2.4.37-16.module+el8.1.0+13809+822d170a.3.x86_64.rpm

SHA-256: df220d5fb7c6996da51d751f8c9e62a6d73ed5059eeb0d6eb737d4948d6a1b37

httpd-debuginfo-2.4.37-16.module+el8.1.0+13809+822d170a.3.x86_64.rpm

SHA-256: 3b1579056d244b61de43861ca07059c8372d3415076aab296f96b8333f7311cf

httpd-debugsource-2.4.37-16.module+el8.1.0+13809+822d170a.3.x86_64.rpm

SHA-256: c48748f51a7382834cd5cbc8e58a754ea0729f24b7c276c2b525a226ddc57df7

httpd-devel-2.4.37-16.module+el8.1.0+13809+822d170a.3.x86_64.rpm

SHA-256: 3451a7f68c5c7ce68f68bb29fa186801c37f674d43a4ba97144c74e2f6e42b74

httpd-filesystem-2.4.37-16.module+el8.1.0+13809+822d170a.3.noarch.rpm

SHA-256: 2bb779a60b4c480384e2d89872a5673075ef7d31ef62d76cba5b0c7f5c793897

httpd-manual-2.4.37-16.module+el8.1.0+13809+822d170a.3.noarch.rpm

SHA-256: 83f1e42e39bc952d717f9b070a9b7243462d30b0cfc80eda5cdf7bfa4f19ad47

httpd-tools-2.4.37-16.module+el8.1.0+13809+822d170a.3.x86_64.rpm

SHA-256: f853a482f6e641483f592b90c65f0833a1cf03944407534bf6a5df6d421de093

httpd-tools-debuginfo-2.4.37-16.module+el8.1.0+13809+822d170a.3.x86_64.rpm

SHA-256: 6bbef094dd32dfb9b9136338be147aa2c01b853f1947964841a214b190519853

mod_http2-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.x86_64.rpm

SHA-256: 845d4f36b86a4047f119eb1ace6bcee53e8b262c24c70cdd966a8487f085cadd

mod_http2-debuginfo-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.x86_64.rpm

SHA-256: e111b78d6f969969feef5ccec93d566978443bf778e1eabe4bfe103e64c20472

mod_http2-debugsource-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.x86_64.rpm

SHA-256: c2eafac536ce65d33e50e591c0c4130647abeb527602c458850d2d02c806a808

mod_ldap-2.4.37-16.module+el8.1.0+13809+822d170a.3.x86_64.rpm

SHA-256: 3bb1538707e0da2efca44ed4fb7f5232a0f6bee176c6145049dbf051a456d37c

mod_ldap-debuginfo-2.4.37-16.module+el8.1.0+13809+822d170a.3.x86_64.rpm

SHA-256: e23851b3e05b4f0fd70a522ac9e1ecb1d9ec18f25a15379b41ee3b3eaf51517d

mod_md-2.4.37-16.module+el8.1.0+13809+822d170a.3.x86_64.rpm

SHA-256: 6aacb1335cce91c3b17d4dac2878c3ae141e22d0205e03aeeea1505d4b310ffe

mod_md-debuginfo-2.4.37-16.module+el8.1.0+13809+822d170a.3.x86_64.rpm

SHA-256: 1f5336b22351a06c790283ddd068e6e628f944ce7d602b58b45d7814500131cc

mod_proxy_html-2.4.37-16.module+el8.1.0+13809+822d170a.3.x86_64.rpm

SHA-256: 2a4b71076d36cb259df3564aef65e64b56726b9eee2654347b038b1a0f57e33b

mod_proxy_html-debuginfo-2.4.37-16.module+el8.1.0+13809+822d170a.3.x86_64.rpm

SHA-256: df2791876d7ee0548e4b88e332b29576ee7f916d96f5a2a66b987977ad82f394

mod_session-2.4.37-16.module+el8.1.0+13809+822d170a.3.x86_64.rpm

SHA-256: 2303788e4cc0d46188436584bc68ac2faca9b054ed64d9e20142030bf2da66fd

mod_session-debuginfo-2.4.37-16.module+el8.1.0+13809+822d170a.3.x86_64.rpm

SHA-256: e55b361604fc498ab81b3a4b9a1647d555c06c5a0feb28c1533a4c3adebe7c0b

mod_ssl-2.4.37-16.module+el8.1.0+13809+822d170a.3.x86_64.rpm

SHA-256: 93dfa34f12e59739390c7b37dc01f037a198d9054372c8dcdd3e29701173163d

mod_ssl-debuginfo-2.4.37-16.module+el8.1.0+13809+822d170a.3.x86_64.rpm

SHA-256: b7102ae936f96d624eb61c86972f9078e82c4ee719c147ee8cb757e5e9bac7cb

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.