httpd security, bug fix, and enhancement update

2020-10-06T00:00:00
ID ELSA-2020-3958
Type oraclelinux
Reporter Oracle
Modified 2020-10-06T00:00:00

Description

[2.4.6-95.0.1] - replace index.html with Oracles index page oracle_index.html [2.4.6-95] - Resolves: #1823262 - CVE-2020-1934 httpd: mod_proxy_ftp use of uninitialized value [2.4.6-94] - Resolves: #1565491 - CVE-2017-15715 httpd: bypass with a trailing newline in the file name - Resolves: #1747283 - CVE-2019-10098 httpd: mod_rewrite potential open redirect - Resolves: #1724879 - httpd terminates all SSL connections using an abortive shutdown - Resolves: #1715981 - Backport of SessionExpiryUpdateInterval directive - Resolves: #1565457 - CVE-2018-1303 httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause a denial of service - Resolves: #1566531 - CVE-2018-1283 httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications