httpd:2.4 security update

🗓️ 14 Jun 2024 13:59:30Reported by Rockylinux Product ErrataType

Security update available for httpd 2.4 and related modules, affecting Rocky Linux 8. Includes fixes for out-of-bounds read vulnerability and memory exhaustion vulnerability.

Reporter	Title	Published	Views	Family All 291
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Network Automation 2.7.2 addresses multiple security vulnerabilities	24 Apr 202415:52	–	ibm
IBM Security Bulletins	Security Bulletin: IBM HTTP Server is vulnerable to information disclosure due to the included Apache HTTP Server (CVE-2023-31122)	25 Oct 202320:19	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2023-31122]	6 Mar 202406:38	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2023-45802) affects Power HMC.	14 Dec 202412:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities	11 Mar 202519:26	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2023-31122)	6 Nov 202314:17	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilites in IBM Rational Build Forge.	2 Apr 202413:12	–	ibm
IBM Security Bulletins	Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to an attacker uploading arbitrary files and obtaining sensitive information (CVE-2023-45802, CVE-2023-31122)	16 Feb 202421:57	–	ibm
GithubExploit	Exploit for Improper Resource Shutdown or Release in Apache Http_Server	19 Apr 202619:34	–	githubexploit
ATTACKERKB	CVE-2023-44487	10 Oct 202300:00	–	attackerkb

OS	OS Version	Architecture	Package	Package Version	Filename
Rocky Linux	8	aarch64	httpd	0:2.4.37-64.module+el8.10.0+1717+030a9fed	httpd-0:2.4.37-64.module+el8.10.0+1717+030a9fed.aarch64.rpm
Rocky Linux	8	x86_64	httpd	0:2.4.37-64.module+el8.10.0+1717+030a9fed	httpd-0:2.4.37-64.module+el8.10.0+1717+030a9fed.x86_64.rpm
Rocky Linux	8	aarch64	httpd-debuginfo	0:2.4.37-64.module+el8.10.0+1717+030a9fed	httpd-debuginfo-0:2.4.37-64.module+el8.10.0+1717+030a9fed.aarch64.rpm
Rocky Linux	8	x86_64	httpd-debuginfo	0:2.4.37-64.module+el8.10.0+1717+030a9fed	httpd-debuginfo-0:2.4.37-64.module+el8.10.0+1717+030a9fed.x86_64.rpm
Rocky Linux	8	aarch64	httpd-debugsource	0:2.4.37-64.module+el8.10.0+1717+030a9fed	httpd-debugsource-0:2.4.37-64.module+el8.10.0+1717+030a9fed.aarch64.rpm
Rocky Linux	8	x86_64	httpd-debugsource	0:2.4.37-64.module+el8.10.0+1717+030a9fed	httpd-debugsource-0:2.4.37-64.module+el8.10.0+1717+030a9fed.x86_64.rpm
Rocky Linux	8	aarch64	httpd-devel	0:2.4.37-64.module+el8.10.0+1717+030a9fed	httpd-devel-0:2.4.37-64.module+el8.10.0+1717+030a9fed.aarch64.rpm
Rocky Linux	8	x86_64	httpd-devel	0:2.4.37-64.module+el8.10.0+1717+030a9fed	httpd-devel-0:2.4.37-64.module+el8.10.0+1717+030a9fed.x86_64.rpm
Rocky Linux	8	any	httpd-filesystem	0:2.4.37-64.module+el8.10.0+1717+030a9fed	httpd-filesystem-0:2.4.37-64.module+el8.10.0+1717+030a9fed.noarch.rpm
Rocky Linux	8	any	httpd-manual	0:2.4.37-64.module+el8.10.0+1717+030a9fed	httpd-manual-0:2.4.37-64.module+el8.10.0+1717+030a9fed.noarch.rpm

14 Jun 2024 13:59Current

7.8High risk

Vulners AI Score7.8

CVSS 3.17.5

EPSS0.02793

SSVC