httpd:2.4 security update

2019-09-24T00:00:00
ID ELSA-2019-2893
Type oraclelinux
Reporter Oracle
Modified 2019-09-24T00:00:00

Description

httpd [2.4.37-12.0.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-12] - Resolves: #1744997 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount of data request leads to denial of service - Resolves: #1745084 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length headers leads to denial of service - Resolves: #1745152 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request for large response leads to denial of service mod_http2 [1.11.3-3] - Resolves: #1744997 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount of data request leads to denial of service - Resolves: #1745084 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length headers leads to denial of service - Resolves: #1745152 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request for large response leads to denial of service