-
Fri Jan 27 2023 John Mcwalters <john.mcwalters@oracle.com> 2.4.6-98.0.3
- mod_proxy: ap_proxy_http_request() to clear hop-by-hop first and
fixup last [CVE-2022-31813][Orabug: 34381850]
- mod_session: save one apr_strtok() [Orabug: 33338149][CVE-2021-26690]
-
Tue Jan 24 2023 Darren Archibald <darren.archibald@oracle.com> 2.4.6-98.0.1
- replace index.html with Oracle's index page oracle_index.html
-
Wed Dec 07 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.6
- Resolves: #2101997 - HEAD request with a 404 and custom ErrorPage causes
corrupt and mixed-up responses
-
Tue Mar 22 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.5
- Resolves: #2065243 - CVE-2022-22720 httpd: HTTP request smuggling
vulnerability in Apache HTTP Server 2.4.52 and earlier
-
Mon Jan 10 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.4
- Resolves: #2031072 - CVE-2021-34798 httpd: NULL pointer dereference via
malformed requests
- Resolves: #2031074 - CVE-2021-39275 httpd: out-of-bounds write in
ap_escape_quotes() via malicious input
- Resolves: #1969226 - CVE-2021-26691 httpd: Heap overflow in mod_session
-
Mon Jan 10 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.3
- Resolves: #2035058 - CVE-2021-44790 httpd: mod_lua: possible buffer overflow
when parsing multipart content
-
Mon Oct 25 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.2
- Resolves: #2015694 - proxy rewrite to unix socket fails with CVE-2021-40438 fix
-
Thu Oct 07 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.1
- Resolves: #2011729 - CVE-2021-40438 httpd: mod_proxy: SSRF via a crafted
request uri-path containing "unix:"
-
Wed Oct 07 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.6-97
- Resolves: #1852350 - httpd/mod_proxy_http/mod_ssl aborted when sending
a client cert to backend server
- Resolves: #1785100 - mod_cgid takes CGIDScriptTimeout x 2 seconds for timeout
- Resolves: #1862499 - Intermittent Segfault in Apache httpd due to pool
concurrency issues
-
Fri Apr 17 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.6-95
- Resolves: #1823262 - CVE-2020-1934 httpd: mod_proxy_ftp use of uninitialized
value