-
Thu Oct 12 2017 Bruce Hill <bruce.hill@oracle.com> - 2.4.6-67.0.1.el7_4.5
- replace index.html with Oracle's index page oracle_index.html
-
Tue Sep 19 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-67.5
- Resolves: #1493064 - CVE-2017-9798 httpd: Use-after-free by limiting
unregistered HTTP method
-
Wed Jul 26 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-67.2
- Resolves: #1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw()
authentication bypass
- Resolves: #1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference
- Resolves: #1463207 - CVE-2017-7679 httpd: mod_mime buffer overread
- Resolves: #1463205 - CVE-2017-7668 httpd: ap_find_token() buffer overread
- Resolves: #1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection
in mod_auth_digest
-
Tue May 09 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-67
- Related: #1332242 - Explicitly disallow the '#' character in allow,deny
directives
-
Tue May 09 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-66
- Related: #1332242 - Explicitly disallow the '#' character in allow,deny
directives
-
Thu Apr 27 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-65
- Resolves: #1445885 - define _RH_HAS_HTTPPROTOCOLOPTIONS
-
Tue Apr 18 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-64
- Resolves: #1442872 - apache user is not created during httpd installation
when apache group already exist with GID other than 48
-
Wed Mar 22 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-63
- Related: #1412976 - CVE-2016-0736 CVE-2016-2161 CVE-2016-8743
httpd: various flaws
-
Wed Mar 15 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-62
- Resolves: #1397241 - Backport Apache Bug 53098 - mod_proxy_ajp:
patch to set worker secret passed to tomcat
-
Wed Mar 15 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-61
- Related: #1414258 - Crash during restart or at startup in mod_ssl,
in certinfo_free() function registered by ssl_stapling_ex_init()