Synopsis: Moderate: httpd security, bug fix, and enhancement update
Advisory ID: SLSA-2020:3958-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2019-10098
CVE-2017-15715
CVE-2020-1934
CVE-2018-1283
CVE-2018-1303
CVE-2020-1927
--
Security Fix(es):
* httpd: Improper handling of headers in mod_session can allow a remote
user to modify session data for CGI applications (CVE-2018-1283)
* httpd: Out of bounds read in mod_cache_socache can allow a remote
attacker to cause DoS (CVE-2018-1303)
* httpd: mod_rewrite configurations vulnerable to open redirect
(CVE-2020-1927)
* httpd: <FilesMatch> bypass with a trailing newline in the file name
(CVE-2017-15715)
* httpd: mod_rewrite potential open redirect (CVE-2019-10098)
* httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)
--
SL7
x86_64
httpd-manual-2.4.6-95.el7.noarch.rpm
httpd-2.4.6-95.el7.x86_64.rpm
httpd-devel-2.4.6-95.el7.x86_64.rpm
mod_session-2.4.6-95.el7.x86_64.rpm
mod_ssl-2.4.6-95.el7.x86_64.rpm
httpd-tools-2.4.6-95.el7.x86_64.rpm
httpd-debuginfo-2.4.6-95.el7.x86_64.rpm
mod_ldap-2.4.6-95.el7.x86_64.rpm
mod_proxy_html-2.4.6-95.el7.x86_64.rpm
noarch
httpd-manual-2.4.6-95.el7.noarch.rpm
- Scientific Linux Development Team
