Headline
RHSA-2022:1137: Red Hat Security Advisory: httpd security update
An update for httpd is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-44790: httpd: mod_lua: Possible buffer overflow when parsing multipart content
- CVE-2022-22720: httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
- Red Hat CodeReady Studio
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-03-30
Updated:
2022-03-30
RHSA-2022:1137 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: httpd security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for httpd is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
- httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)
- httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
Affected Products
- Red Hat Enterprise Linux Server - AUS 7.7 x86_64
- Red Hat Enterprise Linux Server - TUS 7.7 x86_64
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64
Fixes
- BZ - 2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content
- BZ - 2064321 - CVE-2022-22720 httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling
Red Hat Enterprise Linux Server - AUS 7.7
SRPM
httpd-2.4.6-90.el7_7.3.src.rpm
SHA-256: 7fa17d3b1995a9d218531fe9189aa397a2b10193b2fc0c46d6896c54abc65c29
x86_64
httpd-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: 1bf859d330bc85f45cc11aace57b263409e1f66d3aa5805dd16b65193fc98822
httpd-debuginfo-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: 55aed76671ff8d949224d271a512ee12184c036338292503d941a8a759ad71ab
httpd-debuginfo-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: 55aed76671ff8d949224d271a512ee12184c036338292503d941a8a759ad71ab
httpd-devel-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: 1a5333998f77516d9deddae478da24391875b20be6cc6ab708c64ce4d9462a49
httpd-manual-2.4.6-90.el7_7.3.noarch.rpm
SHA-256: 466604cc492cfa1e78d199b40b3243846c25f65c725f4c915646458feb946b53
httpd-tools-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: dea2d22c85995f20d871f58715f2658c5bfb80d13304f72ffed64fe141ea4380
mod_ldap-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: 42ac98c05dc13141d55ee8c60b89bd9415c615a048a3fe134553d64ac470b7cc
mod_proxy_html-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: 3d0657cc36d9e49066f30edec72b2ef56920b2e0713a09892fdb6f10f2a6a188
mod_session-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: 81c5f8f47b108e15ccde867ebc4e5e12f1d4ccd103fc6be51e3ead32f837aaad
mod_ssl-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: a940613bfd2f2212ac2c5f6f490135aeb7ad64e7a711025c067d953f79808771
Red Hat Enterprise Linux Server - TUS 7.7
SRPM
httpd-2.4.6-90.el7_7.3.src.rpm
SHA-256: 7fa17d3b1995a9d218531fe9189aa397a2b10193b2fc0c46d6896c54abc65c29
x86_64
httpd-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: 1bf859d330bc85f45cc11aace57b263409e1f66d3aa5805dd16b65193fc98822
httpd-debuginfo-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: 55aed76671ff8d949224d271a512ee12184c036338292503d941a8a759ad71ab
httpd-debuginfo-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: 55aed76671ff8d949224d271a512ee12184c036338292503d941a8a759ad71ab
httpd-devel-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: 1a5333998f77516d9deddae478da24391875b20be6cc6ab708c64ce4d9462a49
httpd-manual-2.4.6-90.el7_7.3.noarch.rpm
SHA-256: 466604cc492cfa1e78d199b40b3243846c25f65c725f4c915646458feb946b53
httpd-tools-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: dea2d22c85995f20d871f58715f2658c5bfb80d13304f72ffed64fe141ea4380
mod_ldap-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: 42ac98c05dc13141d55ee8c60b89bd9415c615a048a3fe134553d64ac470b7cc
mod_proxy_html-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: 3d0657cc36d9e49066f30edec72b2ef56920b2e0713a09892fdb6f10f2a6a188
mod_session-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: 81c5f8f47b108e15ccde867ebc4e5e12f1d4ccd103fc6be51e3ead32f837aaad
mod_ssl-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: a940613bfd2f2212ac2c5f6f490135aeb7ad64e7a711025c067d953f79808771
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7
SRPM
httpd-2.4.6-90.el7_7.3.src.rpm
SHA-256: 7fa17d3b1995a9d218531fe9189aa397a2b10193b2fc0c46d6896c54abc65c29
ppc64le
httpd-2.4.6-90.el7_7.3.ppc64le.rpm
SHA-256: 7cf88820fed58dcadd8727872e89113b84522a202c43d2dbb1fd551bbb921dfb
httpd-debuginfo-2.4.6-90.el7_7.3.ppc64le.rpm
SHA-256: fd9fbabc335934f4fd8f4b3993e6be36ffb367e8c1565a74cbd9db0db0f1953a
httpd-debuginfo-2.4.6-90.el7_7.3.ppc64le.rpm
SHA-256: fd9fbabc335934f4fd8f4b3993e6be36ffb367e8c1565a74cbd9db0db0f1953a
httpd-devel-2.4.6-90.el7_7.3.ppc64le.rpm
SHA-256: 384b4e7a5bdf567e53587990a2df5a63e892e09d540050dd75ff45275f8b5827
httpd-manual-2.4.6-90.el7_7.3.noarch.rpm
SHA-256: 466604cc492cfa1e78d199b40b3243846c25f65c725f4c915646458feb946b53
httpd-tools-2.4.6-90.el7_7.3.ppc64le.rpm
SHA-256: ba19131ba581c4cdeac8e648ac6f8f68a9a1ce0da23054db828f0e042f252b4b
mod_ldap-2.4.6-90.el7_7.3.ppc64le.rpm
SHA-256: 93d05246576f60df6c9df02295252dcdaa0d27d8c5b704ed473add408ae020d7
mod_proxy_html-2.4.6-90.el7_7.3.ppc64le.rpm
SHA-256: c13323d457811ce613231f30eca91b25a823e60fa2c9da8cc44e6734c4bfa9b6
mod_session-2.4.6-90.el7_7.3.ppc64le.rpm
SHA-256: 8122e6009c03369c0824f8876dca2cdf27798eaff1e32366bd98ba8420f1f96d
mod_ssl-2.4.6-90.el7_7.3.ppc64le.rpm
SHA-256: 2e1745a9c0898deeface61c8ebb63fa1eff0ad5c4d45c2781bdeab383b15bda8
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7
SRPM
httpd-2.4.6-90.el7_7.3.src.rpm
SHA-256: 7fa17d3b1995a9d218531fe9189aa397a2b10193b2fc0c46d6896c54abc65c29
x86_64
httpd-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: 1bf859d330bc85f45cc11aace57b263409e1f66d3aa5805dd16b65193fc98822
httpd-debuginfo-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: 55aed76671ff8d949224d271a512ee12184c036338292503d941a8a759ad71ab
httpd-debuginfo-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: 55aed76671ff8d949224d271a512ee12184c036338292503d941a8a759ad71ab
httpd-devel-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: 1a5333998f77516d9deddae478da24391875b20be6cc6ab708c64ce4d9462a49
httpd-manual-2.4.6-90.el7_7.3.noarch.rpm
SHA-256: 466604cc492cfa1e78d199b40b3243846c25f65c725f4c915646458feb946b53
httpd-tools-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: dea2d22c85995f20d871f58715f2658c5bfb80d13304f72ffed64fe141ea4380
mod_ldap-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: 42ac98c05dc13141d55ee8c60b89bd9415c615a048a3fe134553d64ac470b7cc
mod_proxy_html-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: 3d0657cc36d9e49066f30edec72b2ef56920b2e0713a09892fdb6f10f2a6a188
mod_session-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: 81c5f8f47b108e15ccde867ebc4e5e12f1d4ccd103fc6be51e3ead32f837aaad
mod_ssl-2.4.6-90.el7_7.3.x86_64.rpm
SHA-256: a940613bfd2f2212ac2c5f6f490135aeb7ad64e7a711025c067d953f79808771
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.