[ol7_latest] httpd-tools-2.4.6-97.0.5.el7_9.4.aarch64

Name:	httpd-tools
Version:	2.4.6
Release:	97.0.5.el7_9.4
Architecture:	aarch64
Group:	System Environment/Daemons
Size:	451095
License:	ASL 2.0
RPM:	httpd-tools-2.4.6-97.0.5.el7_9.4.aarch64.rpm
Source RPM:	httpd-2.4.6-97.0.5.el7_9.4.src.rpm
Build Date:	Tue Jan 18 2022
Build Host:	build-ol7-aarch64.oracle.com
Vendor:	Oracle America
URL:	http://httpd.apache.org/
Summary:	Tools for use with the Apache HTTP Server
Description:	The httpd-tools package contains tools which can be used with the Apache HTTP Server.

Changelog (Show File list) (Show related packages)

Mon Jan 17 2022 David Kubat <david.kubat@oracle.com> - 2.4.6-97.0.5.4

- mod_session: save one apr_strtok() [Orabug: 33338149][CVE-2021-26690]
- replace index.html with Oracle's index page oracle_index.html

Mon Jan 10 2022 Luboš Uhliarik <luhliari@redhat.com>

- Resolves: #2031072 - CVE-2021-34798 httpd: NULL pointer dereference via
  malformed requests
- Resolves: #2031074 - CVE-2021-39275 httpd: out-of-bounds write in
  ap_escape_quotes() via malicious input
- Resolves: #1969226 - CVE-2021-26691 httpd: Heap overflow in mod_session

Mon Jan 10 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.3

- Resolves: #2035058 - CVE-2021-44790 httpd: mod_lua: possible buffer overflow
  when parsing multipart content

Mon Oct 25 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.2

- Resolves: #2015694 - proxy rewrite to unix socket fails with CVE-2021-40438 fix

Thu Oct 07 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.1

- Resolves: #2011729 - CVE-2021-40438 httpd: mod_proxy: SSRF via a crafted
  request uri-path containing "unix:"

Wed Oct 07 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.6-97

- Resolves: #1852350 - httpd/mod_proxy_http/mod_ssl aborted when sending
  a client cert to backend server
- Resolves: #1785100 - mod_cgid takes CGIDScriptTimeout x 2 seconds for timeout
- Resolves: #1862499 - Intermittent Segfault in Apache httpd due to pool
  concurrency issues

Fri Apr 17 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.6-95

- Resolves: #1823262 - CVE-2020-1934 httpd: mod_proxy_ftp use of uninitialized
  value

Thu Mar 26 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.6-94

- Resolves: #1565491 - CVE-2017-15715 httpd: <FilesMatch> bypass with a trailing
  newline in the file name
- Resolves: #1747283 - CVE-2019-10098 httpd: mod_rewrite potential open redirect
- Resolves: #1724879 - httpd terminates all SSL connections using an abortive
  shutdown
- Resolves: #1715981 - Backport of SessionExpiryUpdateInterval directive
- Resolves: #1565457 - CVE-2018-1303 httpd: Out of bounds read in
  mod_cache_socache can allow a remote attacker to cause a denial of service
- Resolves: #1566531 - CVE-2018-1283 httpd: Improper handling of headers in 
  mod_session can allow a remote user to modify session data for CGI applications

Tue Oct 08 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.6-93

- Resolves: #1677496 - CVE-2018-17199 httpd: mod_session_cookie does not respect
  expiry time

Thu Aug 22 2019 Joe Orton <jorton@redhat.com> - 2.4.6-92
```
- htpasswd: add SHA-2 crypt() support (#1486889)
```