Red Hat Product Errata RHSA-2024:4863 - Security Advisory
Issued:
2024-07-25
Updated:
2024-07-25

RHSA-2024:4863 - Security Advisory

Synopsis

Important: httpd security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for httpd is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

  • httpd: Substitution encoding issue in mod_rewrite (CVE-2024-38474)
  • httpd: Improper escaping of output in mod_rewrite (CVE-2024-38475)
  • httpd: NULL pointer dereference in mod_proxy (CVE-2024-38477)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2295013 - CVE-2024-38474 httpd: Substitution encoding issue in mod_rewrite
  • BZ - 2295014 - CVE-2024-38475 httpd: Improper escaping of output in mod_rewrite
  • BZ - 2295016 - CVE-2024-38477 httpd: NULL pointer dereference in mod_proxy

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM
httpd-2.4.51-7.el9_0.7.src.rpm SHA-256: b1d7b300e6f8cdd227764d930068115c217eff603b8a15edaf15c2afcba2c16c
ppc64le
httpd-2.4.51-7.el9_0.7.ppc64le.rpm SHA-256: 1a6e23d6848ad15a374a037c6fcafc707d6974e48bbc782409fdef7a1e923b66
httpd-debuginfo-2.4.51-7.el9_0.7.ppc64le.rpm SHA-256: dc1d74dfe2981159c7bb07afc14234acb3c3c476d6509a396eb7e83e0261cb36
httpd-debugsource-2.4.51-7.el9_0.7.ppc64le.rpm SHA-256: c578d244c2241f458b208c32ef6232b415700458c26081f68b8f73779170083b
httpd-devel-2.4.51-7.el9_0.7.ppc64le.rpm SHA-256: d83476abfa996f0c35377333165f3662761a9f5b202d94731e68e7d9777571b7
httpd-filesystem-2.4.51-7.el9_0.7.noarch.rpm SHA-256: bb85e2928dc9ff33b16b397a7a0092b6be3a96e31c9359988dde5ade335df133
httpd-manual-2.4.51-7.el9_0.7.noarch.rpm SHA-256: 4096a0654175c8929a7478ac725f2bd9bd372222298898915b324e2f70355134
httpd-tools-2.4.51-7.el9_0.7.ppc64le.rpm SHA-256: 269933820e95b7cc0931ac67a98880103726ded3c7708eea5f28756a50bc2f40
httpd-tools-debuginfo-2.4.51-7.el9_0.7.ppc64le.rpm SHA-256: 0d8b2acf1daa260434fd6465e472b1fe7527e649606d60eab9e63896d56780c3
mod_ldap-2.4.51-7.el9_0.7.ppc64le.rpm SHA-256: 8d50cea58d7ec07ce9249d9b37db80d3f58f15fd84a6c7bf36e073f6c0164c20
mod_ldap-debuginfo-2.4.51-7.el9_0.7.ppc64le.rpm SHA-256: 78794420ed8fb3f9e1cc554d3b1952d78c17e9f0be5c588d6608076a330d055c
mod_lua-2.4.51-7.el9_0.7.ppc64le.rpm SHA-256: 745a6df7ca4504872b9520ca85b4d9cfd941828ac4bf526ce8b5b5f863af0470
mod_lua-debuginfo-2.4.51-7.el9_0.7.ppc64le.rpm SHA-256: ac2855d7c70681c65a29e74f7d880520e17486787e819e10cddeca5594cb7265
mod_proxy_html-2.4.51-7.el9_0.7.ppc64le.rpm SHA-256: 636c2bf814fa9f49aa6a01e88326e891d7c5aca9013c26cad6fc3afb28fcaa44
mod_proxy_html-debuginfo-2.4.51-7.el9_0.7.ppc64le.rpm SHA-256: e2b51e4ec45a3ef6be1a3fbbaaf5184b5083ef3e8f0cab3775f437d0b3e80162
mod_session-2.4.51-7.el9_0.7.ppc64le.rpm SHA-256: f9145984526b1c5e130591a85a2f6d9d3ec6d474e0dff9d7a5dfae31f0424fad
mod_session-debuginfo-2.4.51-7.el9_0.7.ppc64le.rpm SHA-256: 2c308669c1fd76ca58412748bd45671cb49645b72325666774b0dfd14da454cc
mod_ssl-2.4.51-7.el9_0.7.ppc64le.rpm SHA-256: 22e13da6e3417e7145a9f322fcb073df0330ccec8cd2e4f2d3f32f5385b3450a
mod_ssl-debuginfo-2.4.51-7.el9_0.7.ppc64le.rpm SHA-256: 285dbfadd3d99b8cd255ad78a0db30294f9ef0d86909f4f8c9993d2907995c24

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
httpd-2.4.51-7.el9_0.7.src.rpm SHA-256: b1d7b300e6f8cdd227764d930068115c217eff603b8a15edaf15c2afcba2c16c
x86_64
httpd-2.4.51-7.el9_0.7.x86_64.rpm SHA-256: 6187db0afab579d53c92a7c383ef9e33e20ec544ea69b2b0971c47d69ab6214f
httpd-debuginfo-2.4.51-7.el9_0.7.x86_64.rpm SHA-256: d43dad5a5a26ff89226495a4a9e11031eb1b8bde48fcf49d8037bbd68a164393
httpd-debugsource-2.4.51-7.el9_0.7.x86_64.rpm SHA-256: 28e265e7e43d5de439c5150fdf82cc47ab7d9183778ad98b740b6ec97b3b0373
httpd-devel-2.4.51-7.el9_0.7.x86_64.rpm SHA-256: a915a696aa1966d7a63f0a99854bcb7f60fc4c87f771c691834fdbd3a1df51ea
httpd-filesystem-2.4.51-7.el9_0.7.noarch.rpm SHA-256: bb85e2928dc9ff33b16b397a7a0092b6be3a96e31c9359988dde5ade335df133
httpd-manual-2.4.51-7.el9_0.7.noarch.rpm SHA-256: 4096a0654175c8929a7478ac725f2bd9bd372222298898915b324e2f70355134
httpd-tools-2.4.51-7.el9_0.7.x86_64.rpm SHA-256: 408b28f7515c7dd07e1cbb3624826fe2ddbc947c893b564be789ae280bb11871
httpd-tools-debuginfo-2.4.51-7.el9_0.7.x86_64.rpm SHA-256: e5a2668a54752b9ad2a8bf395548bec35eaa8990a769be61ed47d2f687a58e8b
mod_ldap-2.4.51-7.el9_0.7.x86_64.rpm SHA-256: fc022ef8d1560394a59b4e052d7f7c0f9079a2585d6f3cfa6ab6e1cc09872b8e
mod_ldap-debuginfo-2.4.51-7.el9_0.7.x86_64.rpm SHA-256: ff6ab791d05c510450a06937a0d3335fcfab1ff1672c2be31782b1175aa35c33
mod_lua-2.4.51-7.el9_0.7.x86_64.rpm SHA-256: 312e8b9cbf8699a0aa5406719ac0207ac8548a51725617d288ed1bd345126485
mod_lua-debuginfo-2.4.51-7.el9_0.7.x86_64.rpm SHA-256: 96dd11ec55f81b1d9542a1594e013f9f5a90c758ae4a80cada801e3be142a00a
mod_proxy_html-2.4.51-7.el9_0.7.x86_64.rpm SHA-256: 6e5ca73ab874fcc8b302b6eb743ace913a3e1516e22d19cfe45d8096e6589424
mod_proxy_html-debuginfo-2.4.51-7.el9_0.7.x86_64.rpm SHA-256: 1f003f31d87bbd92f30e6c9b52539d0ace01914b0b9eceee086ca7f5ddf20f2f
mod_session-2.4.51-7.el9_0.7.x86_64.rpm SHA-256: 461fdffc2c845844f0529b8f991d8a717a11ca0a4a7d9295bd5a15f69b0b5099
mod_session-debuginfo-2.4.51-7.el9_0.7.x86_64.rpm SHA-256: 0879eaf8a7ad44902305df4e949c33886d60e228c49b6c1d7b875393412c993d
mod_ssl-2.4.51-7.el9_0.7.x86_64.rpm SHA-256: 7912af0e2e94b2593a38371b27fe6c968da50f9bf7ba7a6301d2bf58273b471c
mod_ssl-debuginfo-2.4.51-7.el9_0.7.x86_64.rpm SHA-256: c3332067952e5d503baab293b2806d7376fe03c6cea4445bf630fcd9365dbb68

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0

SRPM
httpd-2.4.51-7.el9_0.7.src.rpm SHA-256: b1d7b300e6f8cdd227764d930068115c217eff603b8a15edaf15c2afcba2c16c
aarch64
httpd-2.4.51-7.el9_0.7.aarch64.rpm SHA-256: e671853bfb39d2965ae18b9fb76ec70a8b2608534b96e7b1e0c400d978ce5bda
httpd-debuginfo-2.4.51-7.el9_0.7.aarch64.rpm SHA-256: 6589259acf6808f4036eea871d6e11794b6a4e074b6a66fa968c9661b5ab4d79
httpd-debugsource-2.4.51-7.el9_0.7.aarch64.rpm SHA-256: cbdbf95951868f25bb35a6968ec48324820c3ff49bbd2a8afc595ff4d4cb1dd7
httpd-devel-2.4.51-7.el9_0.7.aarch64.rpm SHA-256: ab667f29f2787bb366d421f481b9dd297e32611a9aa7df628ed6a24a8a8503b9
httpd-filesystem-2.4.51-7.el9_0.7.noarch.rpm SHA-256: bb85e2928dc9ff33b16b397a7a0092b6be3a96e31c9359988dde5ade335df133
httpd-manual-2.4.51-7.el9_0.7.noarch.rpm SHA-256: 4096a0654175c8929a7478ac725f2bd9bd372222298898915b324e2f70355134
httpd-tools-2.4.51-7.el9_0.7.aarch64.rpm SHA-256: 7560aaeb22ba412c7cb7b3d31338cb3424ebf6b6ce2fd40782e6f1d81c8cf1d6
httpd-tools-debuginfo-2.4.51-7.el9_0.7.aarch64.rpm SHA-256: 32a764b95fcef13649f727107829caa4ddb849258248816e8be8d8a882638385
mod_ldap-2.4.51-7.el9_0.7.aarch64.rpm SHA-256: ce7c352178f21696a1c89b1a0c4b814b96e11ff6cf6564b0c1a9d0b6d0b45d25
mod_ldap-debuginfo-2.4.51-7.el9_0.7.aarch64.rpm SHA-256: 73d303d2105ddc16f5feb221b5e2fa12c6ff2dbf9dfe49454fac86069c6383e5
mod_lua-2.4.51-7.el9_0.7.aarch64.rpm SHA-256: adfb6fa70b629531cab4b9d318fd90eb9ae929f37733dcd96b556d4115cd1a9b
mod_lua-debuginfo-2.4.51-7.el9_0.7.aarch64.rpm SHA-256: 78cc64f904c57f8c8d64b45d2b038bb25bc9cd58ce039a57510d969e8641058a
mod_proxy_html-2.4.51-7.el9_0.7.aarch64.rpm SHA-256: 4c56aaf58b71b43b454cd986380d77f6184e7c4ff5c69feb9856df16351d9177
mod_proxy_html-debuginfo-2.4.51-7.el9_0.7.aarch64.rpm SHA-256: 1a26340fce70a86438a29c0d9163d9ca57005f5b8fd8e53a2cd9a9fe1cf3e05d
mod_session-2.4.51-7.el9_0.7.aarch64.rpm SHA-256: b3713f2073e77fe4c533b68dd24817a953036417efa7ae44d78b9b2378366b32
mod_session-debuginfo-2.4.51-7.el9_0.7.aarch64.rpm SHA-256: c4e25f765c209b50b1fc1c0c338f84fbc7ec6b5ff67fd58e76b0005e72022c43
mod_ssl-2.4.51-7.el9_0.7.aarch64.rpm SHA-256: 3b54a018efbd200c5fe9a46e08f9aab253824866cd479c2be40e7e0a16a5d6c3
mod_ssl-debuginfo-2.4.51-7.el9_0.7.aarch64.rpm SHA-256: 654009cecc8f6d617d4c337fd0211541f991f621264f38ceeb030ea7ea5323ad

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0

SRPM
httpd-2.4.51-7.el9_0.7.src.rpm SHA-256: b1d7b300e6f8cdd227764d930068115c217eff603b8a15edaf15c2afcba2c16c
s390x
httpd-2.4.51-7.el9_0.7.s390x.rpm SHA-256: c22a24677dae5df5f625cbc1d0aa05aafa1eb502107a65868223a76fb6afed62
httpd-debuginfo-2.4.51-7.el9_0.7.s390x.rpm SHA-256: b9ec3c45b411fde1f95dcd8ef092e8448732f5ffe7bfe920b0215a5aa3da26bb
httpd-debugsource-2.4.51-7.el9_0.7.s390x.rpm SHA-256: a7119146a9a14f23b024ca714a66f6a242ea0f8b0ddcc57b6834e89fb53e221d
httpd-devel-2.4.51-7.el9_0.7.s390x.rpm SHA-256: 78829c84de2241af47a94c36063ecd93400be6aa6801ca5a59752ebcbaeaf9fa
httpd-filesystem-2.4.51-7.el9_0.7.noarch.rpm SHA-256: bb85e2928dc9ff33b16b397a7a0092b6be3a96e31c9359988dde5ade335df133
httpd-manual-2.4.51-7.el9_0.7.noarch.rpm SHA-256: 4096a0654175c8929a7478ac725f2bd9bd372222298898915b324e2f70355134
httpd-tools-2.4.51-7.el9_0.7.s390x.rpm SHA-256: 97af01c5c158292c99c0d0b9ec39159da10d2419dac9f3b516e622c4b07282ac
httpd-tools-debuginfo-2.4.51-7.el9_0.7.s390x.rpm SHA-256: 5f0d6dddfb74081e0c5fe6575760793ea1e3bc3a5d2382734fe47d24a6912371
mod_ldap-2.4.51-7.el9_0.7.s390x.rpm SHA-256: 0e04f20c3eb898b0bee5ba81de7fc383d6b386760c78faa6093935d522622cc9
mod_ldap-debuginfo-2.4.51-7.el9_0.7.s390x.rpm SHA-256: 0f78b861ff7e039397ebf860f6192f3158f1a32143ab4b666033ef2ec97e2e3e
mod_lua-2.4.51-7.el9_0.7.s390x.rpm SHA-256: 47739250721c8eb506bdbbb117e62f26a7568b65012e0f87f6472b5c4564d668
mod_lua-debuginfo-2.4.51-7.el9_0.7.s390x.rpm SHA-256: c6e2494d0c0bd3c572c017174fa72ebc641a305ae5897e46e4b2c7af0645db16
mod_proxy_html-2.4.51-7.el9_0.7.s390x.rpm SHA-256: 67d37a045b982d08303ff84bb3363289b1225bb4e07089a1a85bbc1f5082abc4
mod_proxy_html-debuginfo-2.4.51-7.el9_0.7.s390x.rpm SHA-256: fd1b910f0dca44516af7395cec53e28ae03ff839cbc4e792baebf2726dbcc7c3
mod_session-2.4.51-7.el9_0.7.s390x.rpm SHA-256: ad18d7d1fb8c285a0cdd2012b94ff587f4c2c3694031ba9f769ec1218b67e313
mod_session-debuginfo-2.4.51-7.el9_0.7.s390x.rpm SHA-256: 46c2dcd32535d33783c10e1934c5a11d17d008b66a664a3ccd6910d74405952a
mod_ssl-2.4.51-7.el9_0.7.s390x.rpm SHA-256: 6dff28413f7400affd8fed951914686a4eae56822c99c5fd94bcad04a0e5c32b
mod_ssl-debuginfo-2.4.51-7.el9_0.7.s390x.rpm SHA-256: c37f0377e07e3402bd40969fc3c0823807298682941ff1862698e6aff769970d

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.