httpd-2.4.62-1.el9

エラータID: AXSA:2024-9215:08

Release date: 
Thursday, December 12, 2024 - 14:20
Subject: 
httpd-2.4.62-1.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: HTTP response splitting (CVE-2023-38709)
* httpd: HTTP Response Splitting in multiple modules (CVE-2024-24795)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.5 Release Notes linked from the References section.

CVE-2023-38709
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
CVE-2024-24795
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.

Solution: 

Update packages.

CVEs: 
CVE-2023-38709
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
CVE-2024-24795
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.
Additional Info: 

N/A

Download: 

SRPMS
  1. httpd-2.4.62-1.el9.src.rpm
    MD5: fbc287e0b334d6521961a4edd34d05f4
    SHA-256: 175b114e92528507ea7cbe896de2e8b054622ad34a7c849766ab529ff70fbf6e
    Size: 7.62 MB

Asianux Server 9 for x86_64
  1. httpd-2.4.62-1.el9.x86_64.rpm
    MD5: 957ee7680396b95421343170dc6b9901
    SHA-256: 03cd6466bcb2bd24c17337350631ad609b9f8f65511047b46848fc1062394d7d
    Size: 49.90 kB
  2. httpd-core-2.4.62-1.el9.x86_64.rpm
    MD5: 28786766eb0b3d1b6c7c0b839132795e
    SHA-256: 7e719010feebc723ab2fd69bd26c09770b9b107bb8b47b2ab76081ca4a05c32c
    Size: 1.48 MB
  3. httpd-devel-2.4.62-1.el9.x86_64.rpm
    MD5: 3b801c60d4f7115bc06fb6c37a63e527
    SHA-256: daa00496a47d040d6027b2143d477020be5bbe1594da99ad6bbc0fcf70f0fbe4
    Size: 210.14 kB
  4. httpd-filesystem-2.4.62-1.el9.noarch.rpm
    MD5: a7ef70f548f8327a02a1f17c4d228aa5
    SHA-256: 76005efe6e8c557d610f31c2e5041c7c33c96d646b125773cfa92868f4339c27
    Size: 11.46 kB
  5. httpd-manual-2.4.62-1.el9.noarch.rpm
    MD5: 607ee2b636b98dfd763c8fd55a96026c
    SHA-256: ca083100536e14da9f18ecb95197fd06d850e7da015980dc9ada71d40eb33ce7
    Size: 2.30 MB
  6. httpd-tools-2.4.62-1.el9.x86_64.rpm
    MD5: 1e7822762a498098eee856c518932a63
    SHA-256: 26d93069ac1299413c1b0ea68197294c81a2bc1a5948ff43dc797e6553068662
    Size: 83.45 kB
  7. mod_ldap-2.4.62-1.el9.x86_64.rpm
    MD5: 59b798553fafb3d94b10c1776ea8587e
    SHA-256: 273b2a2c0802d495692deee93bd8e1c617c5933adcbe0d0d7b8edbfe1f77a377
    Size: 59.33 kB
  8. mod_lua-2.4.62-1.el9.x86_64.rpm
    MD5: 1aebe4b76938c7a719b0d0be91bc6d18
    SHA-256: 668218c900db864cac008649ee098d8a41fe34a1f650c480ae8a96b5725a30b5
    Size: 58.26 kB
  9. mod_proxy_html-2.4.62-1.el9.x86_64.rpm
    MD5: 23525c32ef927251e8fcd22dc129a3d1
    SHA-256: 708438bec75e69c21319899db3a7edd5af5704783a74bf20c5647e83c3c9fd44
    Size: 34.05 kB
  10. mod_session-2.4.62-1.el9.x86_64.rpm
    MD5: caa5f32d9d2eca45a4b48daca02b34c5
    SHA-256: ab8927d1d91e3028be50f8e39843f51c23050f721a08dec1125cd4e0b3bdbb0c
    Size: 46.06 kB
  11. mod_ssl-2.4.62-1.el9.x86_64.rpm
    MD5: f98f4e9b71fca3d4da59b39c7e3b0963
    SHA-256: 4e66d74c2b5c6662cb2b592261988d6810d15b8fac379e071a387ac013b6c938
    Size: 108.66 kB