RHSA-2022:1080: Red Hat Security Advisory: httpd:2.4 security update

Skip to navigation Skip to main content

Utilities

• Subscriptions
• Downloads
• Containers
• Support Cases

Infrastructure and Management

• Red Hat Enterprise Linux
• Red Hat Virtualization
• Red Hat Identity Management
• Red Hat Directory Server
• Red Hat Certificate System
• Red Hat Satellite
• Red Hat Subscription Management
• Red Hat Update Infrastructure
• Red Hat Insights
• Red Hat Ansible Automation Platform

Cloud Computing

• Red Hat OpenShift
• Red Hat CloudForms
• Red Hat OpenStack Platform
• Red Hat OpenShift Container Platform
• Red Hat OpenShift Data Science
• Red Hat OpenShift Online
• Red Hat OpenShift Dedicated
• Red Hat Advanced Cluster Security for Kubernetes
• Red Hat Advanced Cluster Management for Kubernetes
• Red Hat Quay
• Red Hat CodeReady Workspaces
• Red Hat OpenShift Service on AWS

Storage

• Red Hat Gluster Storage
• Red Hat Hyperconverged Infrastructure
• Red Hat Ceph Storage
• Red Hat OpenShift Data Foundation

Runtimes

• Red Hat Runtimes
• Red Hat JBoss Enterprise Application Platform
• Red Hat Data Grid
• Red Hat JBoss Web Server
• Red Hat Single Sign On
• Red Hat support for Spring Boot
• Red Hat build of Node.js
• Red Hat build of Thorntail
• Red Hat build of Eclipse Vert.x
• Red Hat build of OpenJDK
• Red Hat build of Quarkus
• Red Hat CodeReady Studio

Integration and Automation

• Red Hat Process Automation
• Red Hat Process Automation Manager
• Red Hat Decision Manager

All Products

Issued:

2022-03-28

Updated:

2022-03-28

RHSA-2022:1080 - Security Advisory

• Overview
• Updated Packages

Synopsis

Important: httpd:2.4 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

• httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

Affected Products

• Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
• Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64

Fixes

• BZ - 2064321 - CVE-2022-22720 httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1

SRPM

httpd-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.src.rpm

SHA-256: f434df028b843d5c4460fa3502c548600522cbe1c65d1f5763078c17ba6202f3

mod_http2-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.src.rpm

SHA-256: 3f4da30a587ee725ccbd0c37e7c0530983bdcdfbe80c64e8e5d8ab032b016381

ppc64le

httpd-filesystem-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.noarch.rpm

SHA-256: b369961c8cec03988b685c509b436966c148d4b5068169e88bd9b8bc8c1f1320

httpd-manual-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.noarch.rpm

SHA-256: ddae4e2765a5ac908f36060af74f12e506dc2bf2e0747d1eae68ebd12646b80f

httpd-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.ppc64le.rpm

SHA-256: f34c72803748d5744f43248abff273696230f4e359cc5d0d969dcdbf49775f75

httpd-debuginfo-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.ppc64le.rpm

SHA-256: 61dea3fe8b3313ec1956e35f9999f327cf96e7e32b70f93f0ad58490e531cfa2

httpd-debugsource-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.ppc64le.rpm

SHA-256: fc401db4283dddac20335bf78209372d7e4e71be36a5ab3e171841a596a262c6

httpd-devel-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.ppc64le.rpm

SHA-256: c404fd3b3883782501c3512114cb0b3a17d74f7bbe82fb46e1e4ad996b6f79ce

httpd-tools-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.ppc64le.rpm

SHA-256: a189f38249136b35d04b95b94ea3013be1503a822872ed0206d87dc9701ddce9

httpd-tools-debuginfo-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.ppc64le.rpm

SHA-256: bce88f9668394fe72b8c2c12780acee17ace366c9edfbabc5dd0940ebbfc4878

mod_http2-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.ppc64le.rpm

SHA-256: fd47cafe61d5d196a65a8e55028d400019e869aa5d2b5af964b80264d5827423

mod_http2-debuginfo-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.ppc64le.rpm

SHA-256: 099456aa25db548b8fc799fcf678f6a8d081d7baf7fd3b14996d82ea4cd695fd

mod_http2-debugsource-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.ppc64le.rpm

SHA-256: 87e5555fec965361242c991ba2cc98acd3bebd055b37af4ebe929f819179324f

mod_ldap-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.ppc64le.rpm

SHA-256: f46fecfe34f40ed58d49ddc8790d7ea8474b2f75d0efb2a93c5fb436cb923ba9

mod_ldap-debuginfo-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.ppc64le.rpm

SHA-256: d3badb037d21a42222901c21318f73a6f57a629b8c765e626b80b51ba8be82c8

mod_md-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.ppc64le.rpm

SHA-256: 3819b98723c80880433c6d43d9642e42e1dd596d8858d2713f0f655d5433a757

mod_md-debuginfo-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.ppc64le.rpm

SHA-256: 6fe6e3df3c43dfd5c34f04a5fd2875c930cdbc7b694b0d25df8c9e4eb7f2d7d9

mod_proxy_html-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.ppc64le.rpm

SHA-256: 4aeb2ade7f2e6ca42a1e0a29f36ddbdc04c61fd7bf8bed4042fb58e90d48a932

mod_proxy_html-debuginfo-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.ppc64le.rpm

SHA-256: 1b5b44619905eb6ad2b4853af834a2a6e0ea469da964c7339b49928cf32a6e13

mod_session-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.ppc64le.rpm

SHA-256: c512d2a6b06dacce61a9e392296b605f5dccd6a4ea45857957b639b08ae1c323

mod_session-debuginfo-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.ppc64le.rpm

SHA-256: f0e5012ef4ae7a024a3a3bb4e0a56d90d22d1b01011af4e7ebcc4f287dec6600

mod_ssl-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.ppc64le.rpm

SHA-256: 1010348a783090c4a3face73a4d43ec459ed926e05147c6a66b125f66cecd7fe

mod_ssl-debuginfo-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.ppc64le.rpm

SHA-256: a42df388c9e4fd6523f166a49d640986eb0dfde555577049bf48424fcb538841

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1

SRPM

httpd-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.src.rpm

SHA-256: f434df028b843d5c4460fa3502c548600522cbe1c65d1f5763078c17ba6202f3

mod_http2-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.src.rpm

SHA-256: 3f4da30a587ee725ccbd0c37e7c0530983bdcdfbe80c64e8e5d8ab032b016381

x86_64

httpd-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.x86_64.rpm

SHA-256: 48dc18a07db72234380dcfb600e2c0ca5effb2a83dabdf9b5aa26bcc73aab248

httpd-debuginfo-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.x86_64.rpm

SHA-256: 6133778db9f055aeb6b53fd73605c2baeba6e054dcfc62e070df7567215c516c

httpd-debugsource-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.x86_64.rpm

SHA-256: 91ff2d722e7b8c11e3967e787f9707bb859aacf93eeb35852e9f892dff4a11ce

httpd-devel-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.x86_64.rpm

SHA-256: 60da487800e55f02bcdd3c55f11375b5bf26e92c72629780a2023606a4a15544

httpd-filesystem-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.noarch.rpm

SHA-256: b369961c8cec03988b685c509b436966c148d4b5068169e88bd9b8bc8c1f1320

httpd-manual-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.noarch.rpm

SHA-256: ddae4e2765a5ac908f36060af74f12e506dc2bf2e0747d1eae68ebd12646b80f

httpd-tools-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.x86_64.rpm

SHA-256: ab5ab1cb83c77597e7cd96ce1e4bffeb4b7acd675ee843cd1142da8544a51aee

httpd-tools-debuginfo-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.x86_64.rpm

SHA-256: 2e11e0f1c87a8b4907dc1169534eb2c3b5f00f3a60dbb912b0580c72e754fd65

mod_http2-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.x86_64.rpm

SHA-256: 845d4f36b86a4047f119eb1ace6bcee53e8b262c24c70cdd966a8487f085cadd

mod_http2-debuginfo-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.x86_64.rpm

SHA-256: e111b78d6f969969feef5ccec93d566978443bf778e1eabe4bfe103e64c20472

mod_http2-debugsource-1.11.3-3.module+el8.1.0+7763+babdfe5b.1.x86_64.rpm

SHA-256: c2eafac536ce65d33e50e591c0c4130647abeb527602c458850d2d02c806a808

mod_ldap-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.x86_64.rpm

SHA-256: e70b6cca2621d25f67be4d5dfc49b6e7306643c89b1f455b7e0e199706b4a970

mod_ldap-debuginfo-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.x86_64.rpm

SHA-256: 3874cbf71f977228619872543badb5eb7adb68edcd27929188c29539d96f26cd

mod_md-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.x86_64.rpm

SHA-256: 799fa6cf16b3cdb8e7b95236046326675420e06792386a1d40b6ba045a558f09

mod_md-debuginfo-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.x86_64.rpm

SHA-256: 9d952d47b9848169f41a2435a2df819bdc990fa6b782355b811786107322c93c

mod_proxy_html-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.x86_64.rpm

SHA-256: 146050e03f86454abec3d8dd7386c7241a760f35f3b988f1666d860c1e72b9b5

mod_proxy_html-debuginfo-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.x86_64.rpm

SHA-256: acc2519e46ea6f56a9390bb1fa42d82d1daed3625a90f3e474a5e8288da78ab9

mod_session-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.x86_64.rpm

SHA-256: 89a0b7b790b534564d5d77807d5a95e90c32ec8e5c4ec56a89fd03575bcf3d46

mod_session-debuginfo-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.x86_64.rpm

SHA-256: 9d8fc5c7b7f8fd48954eef81e0ac02a20e5fe8be6b56d21207581fee5120439a

mod_ssl-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.x86_64.rpm

SHA-256: b9ccba995f96ec7d2abb8df021cf472d5e1327a61441f3a94384b6b4ad77290c

mod_ssl-debuginfo-2.4.37-16.module+el8.1.0+14533+ac5a4716.4.x86_64.rpm

SHA-256: 0e55ccffe7e72dcf71b5bd369fd236b80d24199abb775bdf23ab612abf5c4891

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.