Headline
RHSA-2022:1138: Red Hat Security Advisory: httpd security update
An update for httpd is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-44790: httpd: mod_lua: Possible buffer overflow when parsing multipart content
- CVE-2022-22720: httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
- Red Hat CodeReady Studio
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-03-30
Updated:
2022-03-30
RHSA-2022:1138 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: httpd security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for httpd is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
- httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)
- httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
Affected Products
- Red Hat Enterprise Linux Server - AUS 7.4 x86_64
Fixes
- BZ - 2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content
- BZ - 2064321 - CVE-2022-22720 httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling
Red Hat Enterprise Linux Server - AUS 7.4
SRPM
httpd-2.4.6-67.el7_4.9.src.rpm
SHA-256: 7339e2c26d3ac0054935fff8087320626107e49fa8ad8ea1c0fa94f36114ceaf
x86_64
httpd-2.4.6-67.el7_4.9.x86_64.rpm
SHA-256: a3e26227c4f9810023c2e13474bec26d08945975d4817955473b2fd312a3428b
httpd-debuginfo-2.4.6-67.el7_4.9.x86_64.rpm
SHA-256: 4bc4e53840fc9bfac97a94377ca14a9538d32be40f11218fbde6cb521893b4ee
httpd-debuginfo-2.4.6-67.el7_4.9.x86_64.rpm
SHA-256: 4bc4e53840fc9bfac97a94377ca14a9538d32be40f11218fbde6cb521893b4ee
httpd-devel-2.4.6-67.el7_4.9.x86_64.rpm
SHA-256: c2c80e0b3d8a73ab551789a31418a15c1d17f25bfaff22101476314f37e28b9c
httpd-manual-2.4.6-67.el7_4.9.noarch.rpm
SHA-256: 8c4eb6857c6a9c739423fd6728935c83321ec1d9eac59af71966db8f49832fcf
httpd-tools-2.4.6-67.el7_4.9.x86_64.rpm
SHA-256: 3111b94daab0e71b89030ccb2012364431396f05745a2fa0961fb76000d0a3be
mod_ldap-2.4.6-67.el7_4.9.x86_64.rpm
SHA-256: b366bb70abcdbc325e4af9d5c05f42fb800281db07c3a1ff6eec1d96a697f3b5
mod_proxy_html-2.4.6-67.el7_4.9.x86_64.rpm
SHA-256: d523e5a1e8a1b6f171203d5eb33e6742c9c5fd57598bfc6d06e2a2c7454ebc69
mod_session-2.4.6-67.el7_4.9.x86_64.rpm
SHA-256: 4d4a4d5738b052e8added2af436c08d2645ba71178c4835714bf6437ef6a8c51
mod_ssl-2.4.6-67.el7_4.9.x86_64.rpm
SHA-256: ceb8df869fd4f6b53c41a3915d7f6b8445f8ed4b060abc0dd7227bf4b7d4c3b8
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.