Issued:: 2022-03-30
Updated:: 2022-03-30

RHSA-2022:1138 - Security Advisory

Overview
Updated Packages

Synopsis

Important: httpd security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for httpd is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)
httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

Affected Products

Red Hat Enterprise Linux Server - AUS 7.4 x86_64

Fixes

BZ - 2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content
BZ - 2064321 - CVE-2022-22720 httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 7.4

SRPM
httpd-2.4.6-67.el7_4.9.src.rpm	SHA-256: 7339e2c26d3ac0054935fff8087320626107e49fa8ad8ea1c0fa94f36114ceaf
x86_64
httpd-2.4.6-67.el7_4.9.x86_64.rpm	SHA-256: a3e26227c4f9810023c2e13474bec26d08945975d4817955473b2fd312a3428b
httpd-debuginfo-2.4.6-67.el7_4.9.x86_64.rpm	SHA-256: 4bc4e53840fc9bfac97a94377ca14a9538d32be40f11218fbde6cb521893b4ee
httpd-debuginfo-2.4.6-67.el7_4.9.x86_64.rpm	SHA-256: 4bc4e53840fc9bfac97a94377ca14a9538d32be40f11218fbde6cb521893b4ee
httpd-devel-2.4.6-67.el7_4.9.x86_64.rpm	SHA-256: c2c80e0b3d8a73ab551789a31418a15c1d17f25bfaff22101476314f37e28b9c
httpd-manual-2.4.6-67.el7_4.9.noarch.rpm	SHA-256: 8c4eb6857c6a9c739423fd6728935c83321ec1d9eac59af71966db8f49832fcf
httpd-tools-2.4.6-67.el7_4.9.x86_64.rpm	SHA-256: 3111b94daab0e71b89030ccb2012364431396f05745a2fa0961fb76000d0a3be
mod_ldap-2.4.6-67.el7_4.9.x86_64.rpm	SHA-256: b366bb70abcdbc325e4af9d5c05f42fb800281db07c3a1ff6eec1d96a697f3b5
mod_proxy_html-2.4.6-67.el7_4.9.x86_64.rpm	SHA-256: d523e5a1e8a1b6f171203d5eb33e6742c9c5fd57598bfc6d06e2a2c7454ebc69
mod_session-2.4.6-67.el7_4.9.x86_64.rpm	SHA-256: 4d4a4d5738b052e8added2af436c08d2645ba71178c4835714bf6437ef6a8c51
mod_ssl-2.4.6-67.el7_4.9.x86_64.rpm	SHA-256: ceb8df869fd4f6b53c41a3915d7f6b8445f8ed4b060abc0dd7227bf4b7d4c3b8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation