httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update


**CentOS Errata and Security Advisory** CESA-2022:0143

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)
* httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)
* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)
* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Merged security bulletin from advisories:** https://lists.centos.org/pipermail/centos-announce/2022-January/073551.html

**Affected packages:** httpd, httpd-devel, httpd-manual, httpd-tools, mod_ldap, mod_proxy_html, mod_session, mod_ssl

**Upstream details at:** https://access.redhat.com/errata/RHSA-2022:0143

Affected Package

| OS | OS Version | Package Name | Package Version |
|---|---|---|---|
| CentOS | 7 | httpd | 2.4.6-97.el7.centos.4 |
| CentOS | 7 | httpd-devel | 2.4.6-97.el7.centos.4 |
| CentOS | 7 | httpd-manual | 2.4.6-97.el7.centos.4 |
| CentOS | 7 | httpd-tools | 2.4.6-97.el7.centos.4 |
| CentOS | 7 | mod_ldap | 2.4.6-97.el7.centos.4 |
| CentOS | 7 | mod_proxy_html | 2.4.6-97.el7.centos.4 |
| CentOS | 7 | mod_session | 2.4.6-97.el7.centos.4 |
| CentOS | 7 | mod_ssl | 2.4.6-97.el7.centos.4 |