httpd:2.4 security fix update

エラータID: AXSA:2024-8660:01

Release date: 
Thursday, August 15, 2024 - 15:10
Subject: 
httpd:2.4 security fix update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: Security issues via?backend applications whose response headers are malicious or exploitable (CVE-2024-38476)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-38476
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Modularity name: "httpd"
Stream name: "2.4"

Solution: 

Update packages.

CVEs: 
CVE-2024-38476
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Additional Info: 

N/A

Download: 

SRPMS
  1. httpd-2.4.37-65.module+el8+1794+b3e3940a.2.ML.1.src.rpm
    MD5: 212386262a0e1bce0ecf930295290461
    SHA-256: 50b268b53bf9990d9719e0b7ef85ea205c9fb8c3dc140014ade1550fe4587546
    Size: 6.98 MB
  2. mod_http2-1.15.7-10.module+el8+1794+b3e3940a.src.rpm
    MD5: 615701d31690463676be660281c94ad4
    SHA-256: 931ebbfa7bb209247bb8649eebdf5640ab6382d3121c6ffdf79d65f3ed9135ce
    Size: 1.02 MB
  3. mod_md-2.0.8-8.module+el8+1794+b3e3940a.src.rpm
    MD5: 971cb96d668aafdcd0725b0f31cc55b6
    SHA-256: 10e8f6994af8cb7c9c96bcd5d1c58d03a5425a75d5064e38fdfe00f0b1c89da4
    Size: 635.32 kB

Asianux Server 8 for x86_64
  1. httpd-2.4.37-65.module+el8+1794+b3e3940a.2.ML.1.x86_64.rpm
    MD5: 8762d367c3e5ba0f6c5d20ddf906eb37
    SHA-256: 8eca5b4ce7bffa8a3bac419e9237641210060594d642aa49103c7b4545971fba
    Size: 1.41 MB
  2. httpd-debugsource-2.4.37-65.module+el8+1794+b3e3940a.2.ML.1.x86_64.rpm
    MD5: da34635e77c80ab292073e5b8013532b
    SHA-256: 48418b723c4fe3a38f27bf12b4e00c9fcaf92b72cbf150b9bb12f4b3cd85c53b
    Size: 1.46 MB
  3. httpd-devel-2.4.37-65.module+el8+1794+b3e3940a.2.ML.1.x86_64.rpm
    MD5: fd41eb5aeefa6c232cc5745c06840074
    SHA-256: 063b445502bdf2448e0557f1950d37823d2e131481cdc7a8ce17c2142384778b
    Size: 228.09 kB
  4. httpd-filesystem-2.4.37-65.module+el8+1794+b3e3940a.2.ML.1.noarch.rpm
    MD5: 0c8f70bb0b1922d2286e2f3532eff7b5
    SHA-256: a8fe54467ed8b65c2bf21444318fc3666b870bdbaa03e4824f005674dc3d2ea0
    Size: 44.23 kB
  5. httpd-manual-2.4.37-65.module+el8+1794+b3e3940a.2.ML.1.noarch.rpm
    MD5: be7c40566f4dedf2e7c50a8375032855
    SHA-256: 4c712acfd18a6e7f950a58422e1e6947a2dff39b464684e45e34b60921af9dc5
    Size: 2.38 MB
  6. httpd-tools-2.4.37-65.module+el8+1794+b3e3940a.2.ML.1.x86_64.rpm
    MD5: 4758a7b57f5f1b406dd11ba806af8f5a
    SHA-256: ff69e8385071f5327cb11e21da740760782c2325360dc3f7e5f65b29000f4faf
    Size: 111.17 kB
  7. mod_http2-1.15.7-10.module+el8+1794+b3e3940a.x86_64.rpm
    MD5: 0bba4a82278b89c7043540017651bf7b
    SHA-256: 80044e182f5240eb2d6c7babf0327bdd3425c54d3c87c8c8d4b2991ae0968eaf
    Size: 154.63 kB
  8. mod_http2-debugsource-1.15.7-10.module+el8+1794+b3e3940a.x86_64.rpm
    MD5: 313fc65ca43948ddd3b07e4c0a44b28f
    SHA-256: 3be785fc70d2afcb3da77fda230d8ec3c8088aaca1dfa880b28fda560e5deebf
    Size: 148.12 kB
  9. mod_ldap-2.4.37-65.module+el8+1794+b3e3940a.2.ML.1.x86_64.rpm
    MD5: 40a129025b069dfc969fe4851088b4bb
    SHA-256: 3f89094ab3acb287acbf881f942cd0b8cc0bde64444fa8e02a53cfa35fb60d56
    Size: 89.54 kB
  10. mod_md-2.0.8-8.module+el8+1794+b3e3940a.x86_64.rpm
    MD5: 4dd51a5ef76d41542c9b8195c80a87cd
    SHA-256: cd2e8c7abac7c933240d929d9768ef0fdb930a29f65ee18de6b4343f154a6290
    Size: 183.62 kB
  11. mod_md-debugsource-2.0.8-8.module+el8+1794+b3e3940a.x86_64.rpm
    MD5: 714de13b019728e5eda5539ea2b55da6
    SHA-256: 76d427d24951465fb333b6e9fc3151b1de61573a410f0d85f867156c4319257e
    Size: 126.24 kB
  12. mod_proxy_html-2.4.37-65.module+el8+1794+b3e3940a.2.ML.1.x86_64.rpm
    MD5: 701bdb4ddbe1ab34ebf77b114dba271b
    SHA-256: 885d87aaa601b760a4298a7ae7bf89270a3699ba0220ec8e005669c106d0dfeb
    Size: 66.74 kB
  13. mod_session-2.4.37-65.module+el8+1794+b3e3940a.2.ML.1.x86_64.rpm
    MD5: e3a3f925cf176ea24a38b0f298501630
    SHA-256: d36d9b22f923de68585a4d7aee409baaa714735ee69f132784d06424c2931dab
    Size: 78.31 kB
  14. mod_ssl-2.4.37-65.module+el8+1794+b3e3940a.2.ML.1.x86_64.rpm
    MD5: b6910bc4975b6101365aa666920529d9
    SHA-256: 271da707a16bdb32e79dfe8b9d914d76cfc48b51df1c785d22c67c277d2c1121
    Size: 140.94 kB