Issued:: 2024-07-31
Updated:: 2024-07-31

RHSA-2024:4938 - Security Advisory

Overview
Updated Packages

Synopsis

Important: httpd security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for httpd is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

httpd: Substitution encoding issue in mod_rewrite (CVE-2024-38474)
httpd: Improper escaping of output in mod_rewrite (CVE-2024-38475)
httpd: NULL pointer dereference in mod_proxy (CVE-2024-38477)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 7.7 x86_64

Fixes

BZ - 2295013 - CVE-2024-38474 httpd: Substitution encoding issue in mod_rewrite
BZ - 2295014 - CVE-2024-38475 httpd: Improper escaping of output in mod_rewrite
BZ - 2295016 - CVE-2024-38477 httpd: NULL pointer dereference in mod_proxy

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 7.7

SRPM
httpd-2.4.6-90.el7_7.4.src.rpm	SHA-256: 4702c0e928a5c20bdaaf70f42d30c429ab81102c9141d701176380f7b6475e71
x86_64
httpd-2.4.6-90.el7_7.4.x86_64.rpm	SHA-256: 5dda98749400da5a1a82882649c002b71d4a04b9c9f25cedaacf3394eec8ed2c
httpd-debuginfo-2.4.6-90.el7_7.4.x86_64.rpm	SHA-256: 874949aa30a271da0b2314988a05a12d46d1d2f689b1b4dc28b308b96d86df51
httpd-debuginfo-2.4.6-90.el7_7.4.x86_64.rpm	SHA-256: 874949aa30a271da0b2314988a05a12d46d1d2f689b1b4dc28b308b96d86df51
httpd-devel-2.4.6-90.el7_7.4.x86_64.rpm	SHA-256: 3482665a657c5899d447c70ab2794b0bf3356240ea148a788298e442da2545f3
httpd-manual-2.4.6-90.el7_7.4.noarch.rpm	SHA-256: 1645f29860da95527be50e580668519bc0af5ecb0cfd08dbcfba6c08e3bd673b
httpd-tools-2.4.6-90.el7_7.4.x86_64.rpm	SHA-256: d461dd22c7a454d73a1117857f86e5ccc3aaae7bd7260550218ab3bf711a4614
mod_ldap-2.4.6-90.el7_7.4.x86_64.rpm	SHA-256: b94f31ccf5487cb63e61fab217a0d3c6d22c606dabcdfeb01a32ef40702eb262
mod_proxy_html-2.4.6-90.el7_7.4.x86_64.rpm	SHA-256: ee65a4d4dd9172f02a70c4850a0ff90506e36498782903a2c2b06fdc152df415
mod_session-2.4.6-90.el7_7.4.x86_64.rpm	SHA-256: f05a04d1d02381af8c5f8c08ee51de7476e32cf7be1b65662613c6b6c15c517f
mod_ssl-2.4.6-90.el7_7.4.x86_64.rpm	SHA-256: 0b51f4408c04add368c541fc6e8425a95baa32f6b8e2848c7b1af565d17c67cd

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation