-
Mon Sep 14 2020 Alan Steinberg <alan.steinberg@oracle.com> - 2.4.34-18.0.1.1
- replace index.html with Oracle's index page oracle_index.html
- update vstring in specfile
-
Mon Aug 31 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.34-18.1
- Resolves: #1869068 - CVE-2020-9490 httpd24-httpd: httpd: Push diary
crash on specifically crafted HTTP/2 header
-
Tue Mar 17 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.34-18
- Related: #1743959 (CVE-2019-10098) - CVE-2019-10098 httpd: mod_rewrite
potential open redirect
-
Mon Feb 03 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.34-16
- remove bundled mod_md module
- Resolves: #1788976 - RFE: updated collection for httpd 2.4
- Resolves: #1743959 (CVE-2019-10098) - CVE-2019-10098 httpd: mod_rewrite
potential open redirect
-
Wed Nov 13 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.34-15
- Related: #1725922 - duplicated cookie in Apache httpd with mod_session
-
Tue Oct 08 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.34-14
- Resolves: #1743996 (CVE-2019-10097) - CVE-2019-10097 httpd: null-pointer
dereference in mod_remoteip
- Resolves: #1747282 - CVE-2019-10092 httpd24-httpd: httpd: limited cross-site
scripting in mod_proxy error page
-
Tue Oct 08 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.34-13
- Resolves: #1744120 - Unexpected OCSP in proxy SSL connection
-
Fri Oct 04 2019 Joe Orton <jorton@redhat.com> - 2.4.34-12
- Resolves: #1725922 - duplicated cookie in Apache httpd with mod_session
-
Tue Sep 24 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.34-11
- Resolves: #1678567 (CVE-2018-17189) - CVE-2018-17189 httpd: mod_http2:
DoS via slow, unneeded request bodies
-
Wed Aug 28 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.34-10
- Resolves: #1745695 - CVE-2019-9511 httpd24-httpd: HTTP/2: large amount of
data request leads to denial of service
- Resolves: #1745680 - CVE-2019-9516 httpd24-httpd: HTTP/2: 0-length headers
leads to denial of service
- Resolves: #1745683 - CVE-2019-9517 httpd24-httpd: HTTP/2: request for large
response leads to denial of service