Red Hat Product Errata RHSA-2024:5193 - Security Advisory
Issued:
2024-08-12
Updated:
2024-08-12

RHSA-2024:5193 - Security Advisory

Synopsis

Important: httpd:2.4 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

  • httpd: Security issues via?backend applications whose response headers are malicious or exploitable (CVE-2024-38476)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2295015 - CVE-2024-38476 httpd: Security issues via?backend applications whose response headers are malicious or exploitable

Red Hat Enterprise Linux for x86_64 8

SRPM
httpd-2.4.37-65.module+el8.10.0+22196+d82931da.2.src.rpm SHA-256: bc1c91f3fce3452aa7dba9810592cf2a40957ef5d3b2d23a96c1853365425c50
mod_http2-1.15.7-10.module+el8.10.0+21653+eaff63f0.src.rpm SHA-256: a4b6cf609a2a4e807cb0ee5b51144abbd9a0a72003d7054e0491e31924f35541
mod_md-2.0.8-8.module+el8.9.0+19080+567b90f8.src.rpm SHA-256: ee04ec16abe054d9d901e6bbb1350af78242f0e7540064db00a935f19f460c5a
x86_64
httpd-filesystem-2.4.37-65.module+el8.10.0+22196+d82931da.2.noarch.rpm SHA-256: e2254b4de640ba39da12045e6dd308bee1ed160686d240a6d2a071dad5910eb8
httpd-manual-2.4.37-65.module+el8.10.0+22196+d82931da.2.noarch.rpm SHA-256: 60fce441b6db611be3e470e2bdde90423418382fd2e76cb2968c581f0dc749e6
httpd-2.4.37-65.module+el8.10.0+22196+d82931da.2.x86_64.rpm SHA-256: 9e6b21bd42a742e85bea3a618af477d53e367400d6ceac99ca13a1ea6f2df092
httpd-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.x86_64.rpm SHA-256: 9034612235cf9e16527ccae3507a2bcf1148fec58390049c86163059abfb36fc
httpd-debugsource-2.4.37-65.module+el8.10.0+22196+d82931da.2.x86_64.rpm SHA-256: b85bfcad44ef649e55ef99d7b9ed8fe6654fd26a50d5ec40ed2e1289b2521623
httpd-devel-2.4.37-65.module+el8.10.0+22196+d82931da.2.x86_64.rpm SHA-256: b28f81aa9a7307105997ccf4a0a52e36e196518ccadbc3e86fda2912a55f8541
httpd-tools-2.4.37-65.module+el8.10.0+22196+d82931da.2.x86_64.rpm SHA-256: 2b650ff7cfb275f157f849f7dc7883c4f7b9bf9f8d89e10a1406c4d7802b3387
httpd-tools-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.x86_64.rpm SHA-256: 5d29cf9599e33e39f67614739463ee8f147e900bc47ed37f61efbb952f566a2f
mod_http2-1.15.7-10.module+el8.10.0+21653+eaff63f0.x86_64.rpm SHA-256: 6bfbce10b636aa9116ad3e73302ff48e5295c62b8994288611cdb49ab50f15ce
mod_http2-debuginfo-1.15.7-10.module+el8.10.0+21653+eaff63f0.x86_64.rpm SHA-256: cd0227275897ce7fb059228986852dc681c09f13bd1095fd031f2df593ad22f7
mod_http2-debugsource-1.15.7-10.module+el8.10.0+21653+eaff63f0.x86_64.rpm SHA-256: 8fcc04eaddd13aa131b57043a7b6f52214fc02b2fd74e8454f3b6a410a265a0f
mod_ldap-2.4.37-65.module+el8.10.0+22196+d82931da.2.x86_64.rpm SHA-256: 13c444f47a4d37f5219a31d902aeccc2e0b9b9715f0b378a0681c8ea02948fee
mod_ldap-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.x86_64.rpm SHA-256: 04de30d564e8f5a8c041c376b10255c7a54cdaad96882596661a86b81d5478f2
mod_md-2.0.8-8.module+el8.9.0+19080+567b90f8.x86_64.rpm SHA-256: 2d09da69687fa1a1e8e4abc05a5f4fc6722c83a6adb8ab6cda0df2e2ed8987d6
mod_md-debuginfo-2.0.8-8.module+el8.9.0+19080+567b90f8.x86_64.rpm SHA-256: a094aec7c67a0163fc75cf7d72844d685759d3fe72b3b6a110c9123facba91a5
mod_md-debugsource-2.0.8-8.module+el8.9.0+19080+567b90f8.x86_64.rpm SHA-256: 080988cf03fa8d3aee550a87bf9cf4e14eaa3ee1aa79fc19c5c41a1ae04cedcb
mod_proxy_html-2.4.37-65.module+el8.10.0+22196+d82931da.2.x86_64.rpm SHA-256: 6bbb972600fa4cffdd813021de176fbade8e5bc42ee35bd2790119f3dff66945
mod_proxy_html-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.x86_64.rpm SHA-256: cb9536038ef32c23545ddfcdacfbf59b01f41bc358e35a237a6dccc8a6dd3b38
mod_session-2.4.37-65.module+el8.10.0+22196+d82931da.2.x86_64.rpm SHA-256: 16c88515b81476be1e3f5656aeec4624673fe4a468e23e10af56c2f132599748
mod_session-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.x86_64.rpm SHA-256: 384b5d959879aeab9e74655d0e541871502dc3ce190ae1785a7815c9b93fb810
mod_ssl-2.4.37-65.module+el8.10.0+22196+d82931da.2.x86_64.rpm SHA-256: edf657a76d3acc2a5b30adc01ffa2042996da5db2c7277f4866febd8f44643c2
mod_ssl-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.x86_64.rpm SHA-256: 04e7e11334d7cd095335a4a82dd07bc4ccdb19dd8b85a2dfcbf6433bf53e9284

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
httpd-2.4.37-65.module+el8.10.0+22196+d82931da.2.src.rpm SHA-256: bc1c91f3fce3452aa7dba9810592cf2a40957ef5d3b2d23a96c1853365425c50
mod_http2-1.15.7-10.module+el8.10.0+21653+eaff63f0.src.rpm SHA-256: a4b6cf609a2a4e807cb0ee5b51144abbd9a0a72003d7054e0491e31924f35541
mod_md-2.0.8-8.module+el8.9.0+19080+567b90f8.src.rpm SHA-256: ee04ec16abe054d9d901e6bbb1350af78242f0e7540064db00a935f19f460c5a
s390x
httpd-filesystem-2.4.37-65.module+el8.10.0+22196+d82931da.2.noarch.rpm SHA-256: e2254b4de640ba39da12045e6dd308bee1ed160686d240a6d2a071dad5910eb8
httpd-manual-2.4.37-65.module+el8.10.0+22196+d82931da.2.noarch.rpm SHA-256: 60fce441b6db611be3e470e2bdde90423418382fd2e76cb2968c581f0dc749e6
httpd-2.4.37-65.module+el8.10.0+22196+d82931da.2.s390x.rpm SHA-256: 396b1e05c9b61595731a8bdcc927c58cecdd167367e956116aed9c1d893a6c08
httpd-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.s390x.rpm SHA-256: 2f22e6b653a58bc113d15628f72bdc8ac30fe1ce610720162bdb948101f7a3e3
httpd-debugsource-2.4.37-65.module+el8.10.0+22196+d82931da.2.s390x.rpm SHA-256: 75a8244c28ce3535c0c9fc07d8ffea6dbaad6ec56e2b7aa740c7b37669667685
httpd-devel-2.4.37-65.module+el8.10.0+22196+d82931da.2.s390x.rpm SHA-256: 26e5d1e9a9af2ce506ddc46fdd67c2994fc1856fa89d6c67b6bdcb99c62c0754
httpd-tools-2.4.37-65.module+el8.10.0+22196+d82931da.2.s390x.rpm SHA-256: f4e6f7ebf4a67984ae929f1dd3a730a810cf06ed3378560fc4ee7df4e586a575
httpd-tools-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.s390x.rpm SHA-256: 1a61cecedf142da474894f1e908d47d6809c94f40197cbd23a6018945480c9ff
mod_http2-1.15.7-10.module+el8.10.0+21653+eaff63f0.s390x.rpm SHA-256: 9f2bbb7ee1e5646bbd4ebf0343b0e44b39a289a418802f7ddbe73b404f49a042
mod_http2-debuginfo-1.15.7-10.module+el8.10.0+21653+eaff63f0.s390x.rpm SHA-256: be434009848a2c3116c92c0eb9e41e04e4b3185e5203b795c163d732ea8f9b92
mod_http2-debugsource-1.15.7-10.module+el8.10.0+21653+eaff63f0.s390x.rpm SHA-256: 88fbcebfdb6633ed20ac10be8922142a6918049f931292556f25b801a3a57797
mod_ldap-2.4.37-65.module+el8.10.0+22196+d82931da.2.s390x.rpm SHA-256: 5221a6d489872e4a4008ffb9ce845cc86b7c77759c718ed42e9489c9799e9ccd
mod_ldap-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.s390x.rpm SHA-256: 709d93de4bc0de614291420e04020c019128db0998599daf28f7925b8f842efe
mod_md-2.0.8-8.module+el8.9.0+19080+567b90f8.s390x.rpm SHA-256: a9a640464f75ffb14daa0601b69178310e36c859416fdbc539a2b3783a2cee68
mod_md-debuginfo-2.0.8-8.module+el8.9.0+19080+567b90f8.s390x.rpm SHA-256: 31cf75c6ace166f398fdd9f9d22f8743bce687a7eaea96acc564c04f713ea399
mod_md-debugsource-2.0.8-8.module+el8.9.0+19080+567b90f8.s390x.rpm SHA-256: 9f317a7b1a627fd88ccd95ffa45456ebed4a348a2dd202f146f4c8962e98b7ab
mod_proxy_html-2.4.37-65.module+el8.10.0+22196+d82931da.2.s390x.rpm SHA-256: 2c22957f1b143fdcb8043cd42c0368cd734f36aa5a4299063d63b1903bffa81a
mod_proxy_html-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.s390x.rpm SHA-256: bf065d5dbc7a5dc1525f70e2f2f6d36d6c76da0f1856ae1b7e674de3c5f27da3
mod_session-2.4.37-65.module+el8.10.0+22196+d82931da.2.s390x.rpm SHA-256: e70af2bbe62b1a680111f74583ace36ca1140bcdcedece2f66de89a0b62ebd8e
mod_session-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.s390x.rpm SHA-256: 7e74b857a98aca0ddfc4c85df40f48fe28724bb004d972446f4c3921ee74ca27
mod_ssl-2.4.37-65.module+el8.10.0+22196+d82931da.2.s390x.rpm SHA-256: 3e267cd7d59219baf07e8ad3f155343210229df0a77a886e962b9cb7cc0b0dcd
mod_ssl-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.s390x.rpm SHA-256: f1e785603ee4edcd93dc657c1fa06ed794e2443918ced4296a9a14052581e57b

Red Hat Enterprise Linux for Power, little endian 8

SRPM
httpd-2.4.37-65.module+el8.10.0+22196+d82931da.2.src.rpm SHA-256: bc1c91f3fce3452aa7dba9810592cf2a40957ef5d3b2d23a96c1853365425c50
mod_http2-1.15.7-10.module+el8.10.0+21653+eaff63f0.src.rpm SHA-256: a4b6cf609a2a4e807cb0ee5b51144abbd9a0a72003d7054e0491e31924f35541
mod_md-2.0.8-8.module+el8.9.0+19080+567b90f8.src.rpm SHA-256: ee04ec16abe054d9d901e6bbb1350af78242f0e7540064db00a935f19f460c5a
ppc64le
httpd-filesystem-2.4.37-65.module+el8.10.0+22196+d82931da.2.noarch.rpm SHA-256: e2254b4de640ba39da12045e6dd308bee1ed160686d240a6d2a071dad5910eb8
httpd-manual-2.4.37-65.module+el8.10.0+22196+d82931da.2.noarch.rpm SHA-256: 60fce441b6db611be3e470e2bdde90423418382fd2e76cb2968c581f0dc749e6
httpd-2.4.37-65.module+el8.10.0+22196+d82931da.2.ppc64le.rpm SHA-256: bebe9f75fd69dbd4ca6cd8019ceb3139423fbb63a9e6624019417e1684df986c
httpd-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.ppc64le.rpm SHA-256: a660954f7221ecfe0b3ee69266c570d7435d2e7eb657c37553205d48a6fb99e1
httpd-debugsource-2.4.37-65.module+el8.10.0+22196+d82931da.2.ppc64le.rpm SHA-256: ba613cc64101ad88cb65c2173ebad77c284e4d944a640f16bdf35a88476a8274
httpd-devel-2.4.37-65.module+el8.10.0+22196+d82931da.2.ppc64le.rpm SHA-256: b3bb569b28cd244a8dc65cb98094ea2bcf5071d7fd08f721ca4c8feb7f316915
httpd-tools-2.4.37-65.module+el8.10.0+22196+d82931da.2.ppc64le.rpm SHA-256: 86ce16a46407aadbd6e2bf44370a9eaf5c0e7fc479de61ccc0445ab4039f5f9b
httpd-tools-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.ppc64le.rpm SHA-256: 885361cb3096d47141864bd8865944bb0282fa2c58a61f313f3a3b303b1117e0
mod_http2-1.15.7-10.module+el8.10.0+21653+eaff63f0.ppc64le.rpm SHA-256: 3ada5eedf30f531a8229ede310ef49047aedb7a41fedf754d652780e15c2b29b
mod_http2-debuginfo-1.15.7-10.module+el8.10.0+21653+eaff63f0.ppc64le.rpm SHA-256: 91381dbc37474af310d4f02971363adc3d8bd64c3c0cce0c6cc8968f76bbe44d
mod_http2-debugsource-1.15.7-10.module+el8.10.0+21653+eaff63f0.ppc64le.rpm SHA-256: 274d5c873233e1f24c44e687b0d3e4b76c4ef6d81a6ee7a1c4cfa4c208735e40
mod_ldap-2.4.37-65.module+el8.10.0+22196+d82931da.2.ppc64le.rpm SHA-256: c93a40c5be90dd88ecc3dde416eda98e230644aeff543e61025f276f33c5c98e
mod_ldap-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.ppc64le.rpm SHA-256: 9a3f0359027a4dc7ec495402d532e522bbd89bc40fb41a2bdf83810c77c4e640
mod_md-2.0.8-8.module+el8.9.0+19080+567b90f8.ppc64le.rpm SHA-256: 490fefd22b82588b3c1fc82f66e2bbac7c5ddc037d5f8ff61f3f45c9be222d33
mod_md-debuginfo-2.0.8-8.module+el8.9.0+19080+567b90f8.ppc64le.rpm SHA-256: 5d01fe0b04935699f5d3a6a8b3a3be0eb6f3abd9d8da6804493bf16bcf398e17
mod_md-debugsource-2.0.8-8.module+el8.9.0+19080+567b90f8.ppc64le.rpm SHA-256: 489ca606825d8d87a967cca754de787fea7c78ad6c6d03948b345a3680232f4a
mod_proxy_html-2.4.37-65.module+el8.10.0+22196+d82931da.2.ppc64le.rpm SHA-256: 3c544c2b9739e1e56f9316b1b7bd199859bb001a2337adae249b9490273f8d11
mod_proxy_html-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.ppc64le.rpm SHA-256: 0e05de33c24591953e3c3b254e3e1f11d98e0c91c3b7a39873b7454665298138
mod_session-2.4.37-65.module+el8.10.0+22196+d82931da.2.ppc64le.rpm SHA-256: 1b06abc6ada2406217eee72e1e22251c0c6cf96ed739e46a74a0a7c01292996b
mod_session-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.ppc64le.rpm SHA-256: 5391cb1aa9be76a99b6e56697e7ec605007910b40c6a3a19c1659f01c335878b
mod_ssl-2.4.37-65.module+el8.10.0+22196+d82931da.2.ppc64le.rpm SHA-256: 54efb1a26df6c738ec02dc850acea9b6b026d4ec9257ee1f90d4e2ecb714bb72
mod_ssl-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.ppc64le.rpm SHA-256: 9ce8a4799a787b1d36a25846e50b1738d8403bb353d6f9fd969c3aaee8cbb8f4

Red Hat Enterprise Linux for ARM 64 8

SRPM
httpd-2.4.37-65.module+el8.10.0+22196+d82931da.2.src.rpm SHA-256: bc1c91f3fce3452aa7dba9810592cf2a40957ef5d3b2d23a96c1853365425c50
mod_http2-1.15.7-10.module+el8.10.0+21653+eaff63f0.src.rpm SHA-256: a4b6cf609a2a4e807cb0ee5b51144abbd9a0a72003d7054e0491e31924f35541
mod_md-2.0.8-8.module+el8.9.0+19080+567b90f8.src.rpm SHA-256: ee04ec16abe054d9d901e6bbb1350af78242f0e7540064db00a935f19f460c5a
aarch64
httpd-2.4.37-65.module+el8.10.0+22196+d82931da.2.aarch64.rpm SHA-256: 0449d31802aa3ebb8caa5c6e5a9dd92e9dde9f098fc792cb619c1bdf4a63aa32
httpd-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.aarch64.rpm SHA-256: bb3b35fc2f07f342cccc767d837a98ecca5af596f738032c52be418c5c654332
httpd-debugsource-2.4.37-65.module+el8.10.0+22196+d82931da.2.aarch64.rpm SHA-256: 657f40edab944c93237c42657461b9945d49b7ff76a9610def15ab17dcda041e
httpd-devel-2.4.37-65.module+el8.10.0+22196+d82931da.2.aarch64.rpm SHA-256: 68a03b01d088d1552cffce2e133fc9c723ba8cec92a74beddb5503676d55e605
httpd-filesystem-2.4.37-65.module+el8.10.0+22196+d82931da.2.noarch.rpm SHA-256: e2254b4de640ba39da12045e6dd308bee1ed160686d240a6d2a071dad5910eb8
httpd-manual-2.4.37-65.module+el8.10.0+22196+d82931da.2.noarch.rpm SHA-256: 60fce441b6db611be3e470e2bdde90423418382fd2e76cb2968c581f0dc749e6
httpd-tools-2.4.37-65.module+el8.10.0+22196+d82931da.2.aarch64.rpm SHA-256: f657fee69f4eaf499f4fca1084c1da64968169fd25720f3c49635978834981fa
httpd-tools-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.aarch64.rpm SHA-256: e2ead55cc415cc76e88a706fe8437d2142efbf3272d99d6afb9b2bb4da760df7
mod_http2-1.15.7-10.module+el8.10.0+21653+eaff63f0.aarch64.rpm SHA-256: 03ab6e7a227a49a81910dbb7bb6bd5380a6d87e8370b789bdc0c0542a66104ef
mod_http2-debuginfo-1.15.7-10.module+el8.10.0+21653+eaff63f0.aarch64.rpm SHA-256: 13f8bfdfc548ef7d1bfcc460f58bdcf4e71eccfb752d382a1a7f8dc441a63dfe
mod_http2-debugsource-1.15.7-10.module+el8.10.0+21653+eaff63f0.aarch64.rpm SHA-256: 7e02f42b0c3dbb51161dba7d607c136aeb07dcd30d16f33f694591f332440a43
mod_ldap-2.4.37-65.module+el8.10.0+22196+d82931da.2.aarch64.rpm SHA-256: 059f14c8dc99cd779fc24911804223fcfea6c69c1a916523842f82df9e0b0a58
mod_ldap-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.aarch64.rpm SHA-256: 37693c3c90cd6584a7ca86c99a931a6006f07bd3b7ebb4549f15b6e8c6ad062a
mod_md-2.0.8-8.module+el8.9.0+19080+567b90f8.aarch64.rpm SHA-256: 29fa1c3f8ecd4f5919f29ff21e2c0d9ad960c650cab6f2bfe93eb5697fc8adff
mod_md-debuginfo-2.0.8-8.module+el8.9.0+19080+567b90f8.aarch64.rpm SHA-256: 4c6ebb26a0c1f87c9705da92c88e6393a82fc407f8102aaad8b061654ad5805b
mod_md-debugsource-2.0.8-8.module+el8.9.0+19080+567b90f8.aarch64.rpm SHA-256: 54a0033bc6d47a399294e950810c25b3be245713a8919e635309c64a031af7db
mod_proxy_html-2.4.37-65.module+el8.10.0+22196+d82931da.2.aarch64.rpm SHA-256: eec8a6fbeccece18aab9eba725f9bb3cc10a70c9c47b208d85d05613dbb1d14d
mod_proxy_html-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.aarch64.rpm SHA-256: 8e0504023c6f7d13f5640f1ff32cf7e621e55e379057fde10469036c264a26ce
mod_session-2.4.37-65.module+el8.10.0+22196+d82931da.2.aarch64.rpm SHA-256: 4121d7e11385b34d6e11d3cd6899be9c05645e971d6e80dff8091f6e0c7ffa00
mod_session-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.aarch64.rpm SHA-256: 25d4efb43ccd951c3832beed5e1b6be1765ef0fbbb7bb5126775be8860c862fc
mod_ssl-2.4.37-65.module+el8.10.0+22196+d82931da.2.aarch64.rpm SHA-256: 3e905cd891f7205190aa2388e324cd0ca0dfbafcc7d739144c78abb1795af0ac
mod_ssl-debuginfo-2.4.37-65.module+el8.10.0+22196+d82931da.2.aarch64.rpm SHA-256: 7875965b5bead2cf6aae9eb193e9eea03de149f7b69172a3df76065168cd7299

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.