Red Hat Product Errata RHSA-2021:1199 - Security Advisory
Issued:
2021-04-14
Updated:
2021-04-14

RHSA-2021:1199 - Security Advisory

Synopsis

Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 6 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

Security fix(es):

  • openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)
  • openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat JBoss Core Services 1 for RHEL 7 x86_64

Fixes

  • BZ - 1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT
  • BZ - 1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing

Red Hat JBoss Core Services 1 for RHEL 7

SRPM
jbcs-httpd24-httpd-2.4.37-70.jbcs.el7.src.rpm SHA-256: a56435460ac2e88cca38ff302c466d2179384fb01d25743251affe0722662857
jbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.src.rpm SHA-256: 263d6b67d8b04f249ede414081960c9f29097bd28dd6dcb57e52aee18476e632
jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.src.rpm SHA-256: e4f57aa062cd9bbfe949c2c62ca5d0823b24bbc18fd2579e49535b6daa0da44d
jbcs-httpd24-mod_jk-1.2.48-13.redhat_1.jbcs.el7.src.rpm SHA-256: c4b155866c2fc513e39bd3f3412c9bff0dab245e9f011eab7ae3163f8a298501
jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.src.rpm SHA-256: 1b3bad32ee90b9e659b47c0b30c7824570f75e8439a565905058ff7c693aa8ad
jbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.src.rpm SHA-256: 052f762b5033c82e37f1d96b344c7bf48eae5a35e5404173645f01a8e557620e
jbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.src.rpm SHA-256: 96207a288fdbeb2cdb020e147724dec82f7ca4f5b41e3d5250802e94623cb9b4
jbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.src.rpm SHA-256: f436babb3bfd5bada8945c33859bf35dcad81297ec40599b03f50bd186b9611f
jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.src.rpm SHA-256: 1e73950cd4115ee8bf87964f0090e757e97cc9ec57d3bf9941a02d3c4c7e6908
jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.src.rpm SHA-256: 848e9baf2486d768929a90f1069e6b2a8c387c1e90365c56e1b738ebaeaac7c4
x86_64
jbcs-httpd24-httpd-2.4.37-70.jbcs.el7.x86_64.rpm SHA-256: 421f58d7e23ad7736182584ce6afc5791cd6d74faee4515fdafc3c97b86bb881
jbcs-httpd24-httpd-debuginfo-2.4.37-70.jbcs.el7.x86_64.rpm SHA-256: 7bc7f28aa38601ad63e7e08170a344f6038a5af8484feadf5be7030dd2c96c9d
jbcs-httpd24-httpd-devel-2.4.37-70.jbcs.el7.x86_64.rpm SHA-256: 1dbabec5baf71c47e7d09a7f9706d9378cad38b4c696297323fed45531e8f47a
jbcs-httpd24-httpd-manual-2.4.37-70.jbcs.el7.noarch.rpm SHA-256: e68c9c055e702ba6bfe30430618c0443489f4f8348a2db8a9627cfa6778679d0
jbcs-httpd24-httpd-selinux-2.4.37-70.jbcs.el7.x86_64.rpm SHA-256: f64dac8b6512b3e95783be8df70c385ac1fb7ec0f4e7fc621b48ddef2e611994
jbcs-httpd24-httpd-tools-2.4.37-70.jbcs.el7.x86_64.rpm SHA-256: 4af0feffc67e8a6f4654a45718c29c6479d6f640e51ce30e08b7d4b1571bb45a
jbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm SHA-256: c46f4f7b436b31bcf69764422fb072083c3674c9ce3b26235ead22c7913b9bf0
jbcs-httpd24-mod_cluster-native-debuginfo-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm SHA-256: eb7f6d06ece0a785ee64c48e1ff3717408c94f5ef32eee68086c434284ad51a8
jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.x86_64.rpm SHA-256: c968bf1ef5045c282e92cd3b9c7fc0cd3bcdf96a89472f1920ada32bafa64447
jbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.x86_64.rpm SHA-256: a6e59bf72a2ced975ae04f74de31c5e5481affe4b070a3bccb57258e0c9d930c
jbcs-httpd24-mod_jk-ap24-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm SHA-256: a19951321fcd5c4f635d372077d12b3690068de23835734d357e7d2965cb902d
jbcs-httpd24-mod_jk-debuginfo-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm SHA-256: 11aed4b7e527f3818e8b02806940e884278fe1f463121e659af23e243015b315
jbcs-httpd24-mod_jk-manual-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm SHA-256: b65bcc67b4c57ed99e9476509b47a4061d41b691f91d267a05f72c042f61c6fa
jbcs-httpd24-mod_ldap-2.4.37-70.jbcs.el7.x86_64.rpm SHA-256: dbff06519a22f139e39fe8e3c1cba4041efca335d50fc813fbe797d9589021e8
jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.x86_64.rpm SHA-256: 6c33389ea1f5940d0e77ed4797e5c467bdd365865de83af6d6bbfda62c8db455
jbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.x86_64.rpm SHA-256: dfb41876d5a3d7b5d4f66ccb33f219385a883e5e768e440c25675425556e96f8
jbcs-httpd24-mod_proxy_html-2.4.37-70.jbcs.el7.x86_64.rpm SHA-256: 42124fec9d1d77e19a02a72f626514390d84bb09b77ff849a76a943025549079
jbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.x86_64.rpm SHA-256: 4adfd1ca3ca420710e6ced52516e221a1e984957a99fe8c58947c52e92fc60db
jbcs-httpd24-mod_security-debuginfo-2.9.2-60.GA.jbcs.el7.x86_64.rpm SHA-256: 4db453c70d0f94ff5650397fca054df0719fde834f59b67f1f47d1853e592997
jbcs-httpd24-mod_session-2.4.37-70.jbcs.el7.x86_64.rpm SHA-256: a7f6ad583fb43f5e16fddb8ee59a8721d4badc385edb37aa5f50a4ae681962fa
jbcs-httpd24-mod_ssl-2.4.37-70.jbcs.el7.x86_64.rpm SHA-256: 1be9993eaa9ed0034efa55e719ae5234998e72bae2abb81506f9a7b07f6b3543
jbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.x86_64.rpm SHA-256: 599b5534273926bf562da1206db3795b3f69b43dfd271edae7be4a2e62991512
jbcs-httpd24-nghttp2-debuginfo-1.39.2-37.jbcs.el7.x86_64.rpm SHA-256: 2d61e635eefa678d284e2eb58be12172b4e18ab56d8f10abd3bea4d7564ed036
jbcs-httpd24-nghttp2-devel-1.39.2-37.jbcs.el7.x86_64.rpm SHA-256: c6c52f159b7eb1849225e9a5cdf8a748cbb2732be29dcb1d879ce45c77dc9711
jbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.x86_64.rpm SHA-256: d87113edde62a06ec3ce04edaef354b102ff66fd47cecf8105c12a1ee2e81bc6
jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.x86_64.rpm SHA-256: e64c9ee24cde9f5cecca933f0939682b7d180b29672c849ba92eb79b7b8cb3aa
jbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.x86_64.rpm SHA-256: a51c0fe9e0acb682f937d2e12d16047988fd7bc359a0d10a33d27d62dda5be41
jbcs-httpd24-openssl-debuginfo-1.1.1g-6.jbcs.el7.x86_64.rpm SHA-256: eeee24b664a2bd79a8e307750585f2411b8c350051766e2d3a48cf8192ab41c1
jbcs-httpd24-openssl-devel-1.1.1g-6.jbcs.el7.x86_64.rpm SHA-256: 4c47096af8718dc0d9c14c2fbbee498058bb689a3c7bd40ef3dd4caa8bf4170c
jbcs-httpd24-openssl-libs-1.1.1g-6.jbcs.el7.x86_64.rpm SHA-256: 0c5c1fd5e2cd1d55eb27cb1f5844db1659c3b94a749c2729b979e5ffca43c97a
jbcs-httpd24-openssl-perl-1.1.1g-6.jbcs.el7.x86_64.rpm SHA-256: 736e382bd67c824cf82b170290a040199526ec14ec79dbe598a4f0ad91f3a548
jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.x86_64.rpm SHA-256: be2cb623028bd20a81c99aa4442295d95a81e75c8faa043f456bd6a3ba347f3f
jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.x86_64.rpm SHA-256: f9dd06a2c7f46844fc5698d60a0001eadbf7fced3295dc16ec8408de379b5fee
jbcs-httpd24-openssl-static-1.1.1g-6.jbcs.el7.x86_64.rpm SHA-256: fd1947338c0c49ff7d441010c1d1dd53966df3ae02619d66f5075ef099104bed

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.