logo
DATABASE RESOURCES PRICING ABOUT US

(RHSA-2020:2644) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update

Description

This release adds the new Apache HTTP Server 2.4.37 Service Pack 3 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 2 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Security fix(es): * httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196) * httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197) * httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934) * nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080) * libxml2: There's a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash (CVE-2019-19956) * libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388) * libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595) * expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843) * expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.


Affected Package


OS OS Version Package Name Package Version
RedHat 7 jbcs-httpd24-nghttp2 1.39.2-25.jbcs.el7
RedHat 6 jbcs-httpd24-mod_jk-ap24 1.2.48-4.redhat_1.jbcs.el6
RedHat 6 jbcs-httpd24-libcurl 7.64.1-36.jbcs.el6
RedHat 6 jbcs-httpd24-nghttp2 1.39.2-25.jbcs.el6
RedHat 7 jbcs-httpd24-nghttp2 1.39.2-25.jbcs.el7
RedHat 7 jbcs-httpd24-libcurl 7.64.1-36.jbcs.el7
RedHat 6 jbcs-httpd24-curl 7.64.1-36.jbcs.el6
RedHat 7 jbcs-httpd24-libcurl-devel 7.64.1-36.jbcs.el7
RedHat 7 jbcs-httpd24-openssl-pkcs11 0.4.10-7.jbcs.el7
RedHat 6 jbcs-httpd24-httpd 2.4.37-57.jbcs.el6
RedHat 6 jbcs-httpd24-mod_http2 1.15.7-3.jbcs.el6
RedHat 7 jbcs-httpd24-openssl-pkcs11-debuginfo 0.4.10-7.jbcs.el7
RedHat 7 jbcs-httpd24-httpd-debuginfo 2.4.37-57.jbcs.el7
RedHat 6 jbcs-httpd24-nghttp2 1.39.2-25.jbcs.el6
RedHat 7 jbcs-httpd24-httpd 2.4.37-57.jbcs.el7
RedHat 7 jbcs-httpd24-mod_http2-debuginfo 1.15.7-3.jbcs.el7
RedHat 6 jbcs-httpd24-mod_md 2.0.8-24.jbcs.el6
RedHat 7 jbcs-httpd24-nghttp2-debuginfo 1.39.2-25.jbcs.el7
RedHat 7 jbcs-httpd24-curl 7.64.1-36.jbcs.el7
RedHat 6 jbcs-httpd24-mod_md-debuginfo 2.0.8-24.jbcs.el6
RedHat 6 jbcs-httpd24-mod_cluster-native 1.3.14-4.Final_redhat_2.jbcs.el6
RedHat 7 jbcs-httpd24-curl-debuginfo 7.64.1-36.jbcs.el7
RedHat 6 jbcs-httpd24-mod_md 2.0.8-24.jbcs.el6
RedHat 6 jbcs-httpd24-mod_http2 1.15.7-3.jbcs.el6
RedHat 7 jbcs-httpd24-mod_cluster-native 1.3.14-4.Final_redhat_2.jbcs.el7
RedHat 6 jbcs-httpd24-mod_md-debuginfo 2.0.8-24.jbcs.el6
RedHat 7 jbcs-httpd24-nghttp2-devel 1.39.2-25.jbcs.el7
RedHat 7 jbcs-httpd24-mod_jk 1.2.48-4.redhat_1.jbcs.el7
RedHat 6 jbcs-httpd24-httpd-tools 2.4.37-57.jbcs.el6
RedHat 6 jbcs-httpd24-httpd-debuginfo 2.4.37-57.jbcs.el6
RedHat 6 jbcs-httpd24-mod_jk-debuginfo 1.2.48-4.redhat_1.jbcs.el6
RedHat 6 jbcs-httpd24-mod_proxy_html 2.4.37-57.jbcs.el6
RedHat 7 jbcs-httpd24-httpd-devel 2.4.37-57.jbcs.el7
RedHat 6 jbcs-httpd24-httpd-debuginfo 2.4.37-57.jbcs.el6
RedHat 6 jbcs-httpd24-mod_security 2.9.2-51.GA.jbcs.el6
RedHat 7 jbcs-httpd24-mod_md-debuginfo 2.0.8-24.jbcs.el7
RedHat 6 jbcs-httpd24-libcurl-devel 7.64.1-36.jbcs.el6
RedHat 6 jbcs-httpd24-mod_jk-ap24 1.2.48-4.redhat_1.jbcs.el6
RedHat 6 jbcs-httpd24-mod_ldap 2.4.37-57.jbcs.el6
RedHat 6 jbcs-httpd24-httpd-selinux 2.4.37-57.jbcs.el6
RedHat 7 jbcs-httpd24-mod_proxy_html 2.4.37-57.jbcs.el7
RedHat 6 jbcs-httpd24-mod_session 2.4.37-57.jbcs.el6
RedHat 6 jbcs-httpd24-mod_jk 1.2.48-4.redhat_1.jbcs.el6
RedHat 7 jbcs-httpd24-mod_jk-ap24 1.2.48-4.redhat_1.jbcs.el7
RedHat 6 jbcs-httpd24-mod_security 2.9.2-51.GA.jbcs.el6
RedHat 7 jbcs-httpd24-mod_md 2.0.8-24.jbcs.el7
RedHat 6 jbcs-httpd24-mod_security-debuginfo 2.9.2-51.GA.jbcs.el6
RedHat 7 jbcs-httpd24-mod_jk-debuginfo 1.2.48-4.redhat_1.jbcs.el7
RedHat 6 jbcs-httpd24-curl 7.64.1-36.jbcs.el6
RedHat 6 jbcs-httpd24-libcurl-devel 7.64.1-36.jbcs.el6
RedHat 6 jbcs-httpd24-httpd-selinux 2.4.37-57.jbcs.el6
RedHat 6 jbcs-httpd24-nghttp2-devel 1.39.2-25.jbcs.el6
RedHat 7 jbcs-httpd24-httpd-manual 2.4.37-57.jbcs.el7
RedHat 6 jbcs-httpd24-httpd-devel 2.4.37-57.jbcs.el6
RedHat 6 jbcs-httpd24-mod_http2 1.15.7-3.jbcs.el6
RedHat 6 jbcs-httpd24-httpd 2.4.37-57.jbcs.el6
RedHat 6 jbcs-httpd24-mod_jk-manual 1.2.48-4.redhat_1.jbcs.el6
RedHat 6 jbcs-httpd24-mod_session 2.4.37-57.jbcs.el6
RedHat 6 jbcs-httpd24-mod_security-debuginfo 2.9.2-51.GA.jbcs.el6
RedHat 6 jbcs-httpd24-httpd 2.4.37-57.jbcs.el6
RedHat 6 jbcs-httpd24-nghttp2 1.39.2-25.jbcs.el6
RedHat 6 jbcs-httpd24-mod_ssl 2.4.37-57.jbcs.el6
RedHat 6 jbcs-httpd24-curl 7.64.1-36.jbcs.el6
RedHat 6 jbcs-httpd24-mod_cluster-native 1.3.14-4.Final_redhat_2.jbcs.el6
RedHat 7 jbcs-httpd24-curl 7.64.1-36.jbcs.el7
RedHat 7 jbcs-httpd24-mod_ldap 2.4.37-57.jbcs.el7
RedHat 7 jbcs-httpd24-mod_security-debuginfo 2.9.2-51.GA.jbcs.el7
RedHat 7 jbcs-httpd24-mod_http2 1.15.7-3.jbcs.el7
RedHat 7 jbcs-httpd24-mod_security 2.9.2-51.GA.jbcs.el7
RedHat 6 jbcs-httpd24-httpd-manual 2.4.37-57.jbcs.el6
RedHat 7 jbcs-httpd24-mod_jk-manual 1.2.48-4.redhat_1.jbcs.el7
RedHat 6 jbcs-httpd24-mod_jk-manual 1.2.48-4.redhat_1.jbcs.el6
RedHat 7 jbcs-httpd24-httpd-tools 2.4.37-57.jbcs.el7
RedHat 6 jbcs-httpd24-libcurl 7.64.1-36.jbcs.el6
RedHat 7 jbcs-httpd24-mod_security 2.9.2-51.GA.jbcs.el7
RedHat 7 jbcs-httpd24-httpd 2.4.37-57.jbcs.el7
RedHat 6 jbcs-httpd24-mod_http2-debuginfo 1.15.7-3.jbcs.el6
RedHat 6 jbcs-httpd24-mod_cluster-native 1.3.14-4.Final_redhat_2.jbcs.el6
RedHat 6 jbcs-httpd24-mod_http2-debuginfo 1.15.7-3.jbcs.el6
RedHat 6 jbcs-httpd24-curl-debuginfo 7.64.1-36.jbcs.el6
RedHat 6 jbcs-httpd24-mod_md 2.0.8-24.jbcs.el6
RedHat 6 jbcs-httpd24-curl-debuginfo 7.64.1-36.jbcs.el6
RedHat 7 jbcs-httpd24-mod_ssl 2.4.37-57.jbcs.el7
RedHat 7 jbcs-httpd24-openssl-pkcs11 0.4.10-7.jbcs.el7
RedHat 6 jbcs-httpd24-mod_ldap 2.4.37-57.jbcs.el6
RedHat 6 jbcs-httpd24-mod_cluster-native-debuginfo 1.3.14-4.Final_redhat_2.jbcs.el6
RedHat 7 jbcs-httpd24-mod_md 2.0.8-24.jbcs.el7
RedHat 7 jbcs-httpd24-mod_cluster-native 1.3.14-4.Final_redhat_2.jbcs.el7
RedHat 6 jbcs-httpd24-mod_ssl 2.4.37-57.jbcs.el6
RedHat 6 jbcs-httpd24-mod_jk-debuginfo 1.2.48-4.redhat_1.jbcs.el6
RedHat 6 jbcs-httpd24-mod_cluster-native-debuginfo 1.3.14-4.Final_redhat_2.jbcs.el6
RedHat 6 jbcs-httpd24-mod_security 2.9.2-51.GA.jbcs.el6
RedHat 6 jbcs-httpd24-httpd-tools 2.4.37-57.jbcs.el6
RedHat 7 jbcs-httpd24-mod_cluster-native-debuginfo 1.3.14-4.Final_redhat_2.jbcs.el7
RedHat 7 jbcs-httpd24-httpd-selinux 2.4.37-57.jbcs.el7
RedHat 6 jbcs-httpd24-mod_proxy_html 2.4.37-57.jbcs.el6
RedHat 7 jbcs-httpd24-mod_http2 1.15.7-3.jbcs.el7
RedHat 6 jbcs-httpd24-httpd-devel 2.4.37-57.jbcs.el6
RedHat 6 jbcs-httpd24-nghttp2-devel 1.39.2-25.jbcs.el6
RedHat 7 jbcs-httpd24-mod_session 2.4.37-57.jbcs.el7
RedHat 6 jbcs-httpd24-nghttp2-debuginfo 1.39.2-25.jbcs.el6
RedHat 6 jbcs-httpd24-nghttp2-debuginfo 1.39.2-25.jbcs.el6

Related