[ol7_latest] mod_session-2.4.6-95.0.1.el7.aarch64

Name:	mod_session
Version:	2.4.6
Release:	95.0.1.el7
Architecture:	aarch64
Group:	System Environment/Daemons
Size:	343767
License:	ASL 2.0
RPM:	mod_session-2.4.6-95.0.1.el7.aarch64.rpm
Source RPM:	httpd-2.4.6-95.0.1.el7.src.rpm
Build Date:	Thu Oct 01 2020
Build Host:	ca-buildarm04.us.oracle.com
Vendor:	Oracle America
URL:	http://httpd.apache.org/
Summary:	Session interface for the Apache HTTP Server
Description:	The mod_session module and associated backends provide an abstract interface for storing and accessing per-user session data.

Changelog (Show File list) (Show related packages)

Wed Sep 30 2020 EL Errata <el-errata_ww@oracle.com> - 2.4.6-95.0.1
```
- replace index.html with Oracle's index page oracle_index.html
```

Fri Apr 17 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.6-95

- Resolves: #1823262 - CVE-2020-1934 httpd: mod_proxy_ftp use of uninitialized
  value

Thu Mar 26 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.6-94

- Resolves: #1565491 - CVE-2017-15715 httpd: <FilesMatch> bypass with a trailing
  newline in the file name
- Resolves: #1747283 - CVE-2019-10098 httpd: mod_rewrite potential open redirect
- Resolves: #1724879 - httpd terminates all SSL connections using an abortive
  shutdown
- Resolves: #1715981 - Backport of SessionExpiryUpdateInterval directive
- Resolves: #1565457 - CVE-2018-1303 httpd: Out of bounds read in
  mod_cache_socache can allow a remote attacker to cause a denial of service
- Resolves: #1566531 - CVE-2018-1283 httpd: Improper handling of headers in 
  mod_session can allow a remote user to modify session data for CGI applications

Tue Oct 08 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.6-93

- Resolves: #1677496 - CVE-2018-17199 httpd: mod_session_cookie does not respect
  expiry time

Thu Aug 22 2019 Joe Orton <jorton@redhat.com> - 2.4.6-92
```
- htpasswd: add SHA-2 crypt() support (#1486889)
```

Wed Jul 31 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.6-91

- Resolves: #1630886 - scriptlet can fail if hostname is not installed
- Resolves: #1565465 - CVE-2017-15710 httpd: Out of bound write in
  mod_authnz_ldap when using too small Accept-Language values
- Resolves: #1568298 - CVE-2018-1301 httpd: Out of bounds access after
  failure in reading the HTTP request
- Resolves: #1673457 - Apache child process crashes because ScriptAliasMatch
  directive
- Resolves: #1633152 - mod_session missing apr-util-openssl
- Resolves: #1649470 - httpd response contains garbage in Content-Type header
- Resolves: #1724034 - Unexpected OCSP in proxy SSL connection

Sat Jun 08 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.6-90

- Resolves: #1566317 - CVE-2018-1312 httpd: Weak Digest auth nonce generation
  in mod_auth_digest
- Resolves: #1696141 - CVE-2019-0217 httpd: mod_auth_digest: access control
  bypass due to race condition
- Resolves: #1696096 - CVE-2019-0220 httpd: URL normalization inconsistency

Fri Mar 15 2019 Joe Orton <jorton@redhat.com> - 2.4.6-89

- fix per-request leak of bucket brigade structure (#1583218)

Thu Jun 21 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-88

- Resolves: #1527295 - httpd with worker/event mpm segfaults after multiple
  SIGUSR1

Thu Jun 21 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-87

- Resolves: #1458364 - RMM list corruption in ldap module results in server hang