httpd:2.4 security update

🗓️ 25 Jan 2022 12:49:42Reported by Rockylinux Product ErrataType

httpd 2.4 security update affecting Rocky Linux 8. Affects mod_http2, mod_md, fix for mod_lua possible buffer overflow when parsing multipart content

Reporter	Title	Published	Views	Family All 243
0day.today	Apache 2.4.x - Buffer Overflow Exploit	2 Apr 202300:00	–	zdt
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2021-44790, CVE-2021-44224)	1 Apr 202210:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Rational Build Forge is affected by Apache HTTP Server version used in it. (CVE-2021-44790)	2 Mar 202214:54	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2021-44790, CVE-2021-44224)	16 Mar 202208:32	–	ibm
IBM Security Bulletins	Security Bulletin: Apache HTTP Server as used by IBM QRadar SIEM is vulnerable to buffer overflow and denial of service (CVE-2021-44790, CVE-2021-34798, CVE-2021-39275)	28 Feb 202217:37	–	ibm
IBM Security Bulletins	WebSphere Application Server and IBM HTTP Server Security Bulletin List	13 Jul 202218:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security SiteProtector System is affected by multiple Apache HTTP Server Vulnerabilities	2 Jun 202202:42	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in expat, glibc, http server, dojo, openssl shipped with IBM Cloud Pak System	15 Aug 202221:35	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server	12 Jan 202219:17	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities have been identified in Spring Framework, OpenSSL and Apache HTTP Server shipped with the DS8000 Hardware Management Console (HMC)	3 Feb 202321:20	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Rocky Linux	8	aarch64	httpd	0:2.4.37-39.module+el8.4.0+571+fd70afb1	httpd-0:2.4.37-39.module+el8.4.0+571+fd70afb1.aarch64.rpm
Rocky Linux	8	x86_64	httpd	0:2.4.37-39.module+el8.4.0+571+fd70afb1	httpd-0:2.4.37-39.module+el8.4.0+571+fd70afb1.x86_64.rpm
Rocky Linux	8	aarch64	httpd	0:2.4.37-43.module+el8.5.0+714+5ec56ee8	httpd-0:2.4.37-43.module+el8.5.0+714+5ec56ee8.aarch64.rpm
Rocky Linux	8	x86_64	httpd	0:2.4.37-43.module+el8.5.0+714+5ec56ee8	httpd-0:2.4.37-43.module+el8.5.0+714+5ec56ee8.x86_64.rpm
Rocky Linux	8	aarch64	httpd-debuginfo	0:2.4.37-39.module+el8.4.0+571+fd70afb1	httpd-debuginfo-0:2.4.37-39.module+el8.4.0+571+fd70afb1.aarch64.rpm
Rocky Linux	8	x86_64	httpd-debuginfo	0:2.4.37-39.module+el8.4.0+571+fd70afb1	httpd-debuginfo-0:2.4.37-39.module+el8.4.0+571+fd70afb1.x86_64.rpm
Rocky Linux	8	aarch64	httpd-debuginfo	0:2.4.37-43.module+el8.5.0+714+5ec56ee8	httpd-debuginfo-0:2.4.37-43.module+el8.5.0+714+5ec56ee8.aarch64.rpm
Rocky Linux	8	x86_64	httpd-debuginfo	0:2.4.37-43.module+el8.5.0+714+5ec56ee8	httpd-debuginfo-0:2.4.37-43.module+el8.5.0+714+5ec56ee8.x86_64.rpm
Rocky Linux	8	aarch64	httpd-debugsource	0:2.4.37-39.module+el8.4.0+571+fd70afb1	httpd-debugsource-0:2.4.37-39.module+el8.4.0+571+fd70afb1.aarch64.rpm
Rocky Linux	8	x86_64	httpd-debugsource	0:2.4.37-39.module+el8.4.0+571+fd70afb1	httpd-debugsource-0:2.4.37-39.module+el8.4.0+571+fd70afb1.x86_64.rpm

25 Jan 2022 12:49Current

0.7Low risk

Vulners AI Score0.7

CVSS 27.5

CVSS 3.19.8

EPSS0.86227