Synopsis: Moderate: httpd security, bug fix, and enhancement update Advisory ID: SLSA-2020:3958-1 Issue Date: 2020-10-01 CVE Numbers: CVE-2019-10098 CVE-2017-15715 CVE-2020-1934 CVE-2018-1283 CVE-2018-1303 CVE-2020-1927 -- Security Fix(es): * httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications (CVE-2018-1283) * httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS (CVE-2018-1303) * httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927) * httpd: <FilesMatch> bypass with a trailing newline in the file name (CVE-2017-15715) * httpd: mod_rewrite potential open redirect (CVE-2019-10098) * httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934) -- SL7 x86_64 httpd-manual-2.4.6-95.el7.noarch.rpm httpd-2.4.6-95.el7.x86_64.rpm httpd-devel-2.4.6-95.el7.x86_64.rpm mod_session-2.4.6-95.el7.x86_64.rpm mod_ssl-2.4.6-95.el7.x86_64.rpm httpd-tools-2.4.6-95.el7.x86_64.rpm httpd-debuginfo-2.4.6-95.el7.x86_64.rpm mod_ldap-2.4.6-95.el7.x86_64.rpm mod_proxy_html-2.4.6-95.el7.x86_64.rpm noarch httpd-manual-2.4.6-95.el7.noarch.rpm - Scientific Linux Development Team