[ol7_latest] mod_ssl-1:2.4.6-97.0.1.el7_9.1.aarch64

Name:	mod_ssl
Epoch:	1
Version:	2.4.6
Release:	97.0.1.el7_9.1
Architecture:	aarch64
Group:	System Environment/Daemons
Size:	278133
License:	ASL 2.0
RPM:	mod_ssl-2.4.6-97.0.1.el7_9.1.aarch64.rpm
Source RPM:	httpd-2.4.6-97.0.1.el7_9.1.src.rpm
Build Date:	Thu Oct 14 2021
Build Host:	build-ol7-aarch64.oracle.com
Vendor:	Oracle America
URL:	http://httpd.apache.org/
Summary:	SSL/TLS module for the Apache HTTP Server
Description:	The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.

Changelog (Show File list) (Show related packages)

Thu Oct 14 2021 EL Errata <el-errata_ww@oracle.com> - 2.4.6-97.0.1.1
```
- replace index.html with Oracle's index page oracle_index.html
```

Thu Oct 07 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.1

- Resolves: #2011729 - CVE-2021-40438 httpd: mod_proxy: SSRF via a crafted
  request uri-path containing "unix:"

Wed Oct 07 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.6-97

- Resolves: #1852350 - httpd/mod_proxy_http/mod_ssl aborted when sending
  a client cert to backend server
- Resolves: #1785100 - mod_cgid takes CGIDScriptTimeout x 2 seconds for timeout
- Resolves: #1862499 - Intermittent Segfault in Apache httpd due to pool
  concurrency issues

Fri Apr 17 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.6-95

- Resolves: #1823262 - CVE-2020-1934 httpd: mod_proxy_ftp use of uninitialized
  value

Thu Mar 26 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.6-94

- Resolves: #1565491 - CVE-2017-15715 httpd: <FilesMatch> bypass with a trailing
  newline in the file name
- Resolves: #1747283 - CVE-2019-10098 httpd: mod_rewrite potential open redirect
- Resolves: #1724879 - httpd terminates all SSL connections using an abortive
  shutdown
- Resolves: #1715981 - Backport of SessionExpiryUpdateInterval directive
- Resolves: #1565457 - CVE-2018-1303 httpd: Out of bounds read in
  mod_cache_socache can allow a remote attacker to cause a denial of service
- Resolves: #1566531 - CVE-2018-1283 httpd: Improper handling of headers in 
  mod_session can allow a remote user to modify session data for CGI applications

Tue Oct 08 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.6-93

- Resolves: #1677496 - CVE-2018-17199 httpd: mod_session_cookie does not respect
  expiry time

Thu Aug 22 2019 Joe Orton <jorton@redhat.com> - 2.4.6-92
```
- htpasswd: add SHA-2 crypt() support (#1486889)
```

Wed Jul 31 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.6-91

- Resolves: #1630886 - scriptlet can fail if hostname is not installed
- Resolves: #1565465 - CVE-2017-15710 httpd: Out of bound write in
  mod_authnz_ldap when using too small Accept-Language values
- Resolves: #1568298 - CVE-2018-1301 httpd: Out of bounds access after
  failure in reading the HTTP request
- Resolves: #1673457 - Apache child process crashes because ScriptAliasMatch
  directive
- Resolves: #1633152 - mod_session missing apr-util-openssl
- Resolves: #1649470 - httpd response contains garbage in Content-Type header
- Resolves: #1724034 - Unexpected OCSP in proxy SSL connection

Sat Jun 08 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.6-90

- Resolves: #1566317 - CVE-2018-1312 httpd: Weak Digest auth nonce generation
  in mod_auth_digest
- Resolves: #1696141 - CVE-2019-0217 httpd: mod_auth_digest: access control
  bypass due to race condition
- Resolves: #1696096 - CVE-2019-0220 httpd: URL normalization inconsistency

Fri Mar 15 2019 Joe Orton <jorton@redhat.com> - 2.4.6-89

- fix per-request leak of bucket brigade structure (#1583218)