| httpd24-httpd-manual-2.4.34-23.el7.5.noarch
[2.4 MiB] |
Changelog
by Luboš Uhliarik (2022-09-20):
- Related: #2035029 - CVE-2021-44224 httpd24-httpd: httpd: possible NULL
dereference or SSRF in forward proxy configurations
|
| httpd24-httpd-manual-2.4.34-23.el7.2.noarch
[2.4 MiB] |
Changelog
by Luboš Uhliarik (2022-03-23):
- Resolves: #2065438 - CVE-2022-22720 httpd24-httpd: httpd: HTTP request
smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier
|
| httpd24-httpd-manual-2.4.34-23.el7.1.noarch
[2.4 MiB] |
Changelog
by Luboš Uhliarik (2022-01-10):
- Resolves: #2035056 - CVE-2021-44790 httpd24-httpd: httpd: mod_lua: possible
buffer overflow when parsing multipart content
|
| httpd24-httpd-manual-2.4.34-22.el7.1.noarch
[2.4 MiB] |
Changelog
by Luboš Uhliarik (2021-09-30):
- Resolves: #2007237 - CVE-2021-40438 httpd24-httpd: httpd: mod_proxy: SSRF via
a crafted request uri-path
|
| httpd24-httpd-manual-2.4.34-22.el7.noarch
[2.4 MiB] |
Changelog
by Lubos Uhliarik (2020-09-21):
- Resolves: #1869076 - CVE-2020-11984 httpd24-httpd: httpd: mod_proxy_uswgi
buffer overflow
- Resolves: #1607737 - TCP healthchecks failing falsely / not actually checking
- Resolves: #1869078 - CVE-2020-11993 httpd24-httpd: httpd: mod_http2 concurrent
pool usage
|
| httpd24-httpd-manual-2.4.34-18.el7.1.noarch
[2.4 MiB] |
Changelog
by Lubos Uhliarik (2020-08-31):
- Resolves: #1869068 - CVE-2020-9490 httpd24-httpd: httpd: Push diary
crash on specifically crafted HTTP/2 header
|
| httpd24-httpd-manual-2.4.34-18.el7.noarch
[2.4 MiB] |
Changelog
by Lubos Uhliarik (2020-03-17):
- Related: #1743959 (CVE-2019-10098) - CVE-2019-10098 httpd: mod_rewrite
potential open redirect
|
| httpd24-httpd-manual-2.4.34-15.el7.noarch
[2.4 MiB] |
Changelog
by Lubos Uhliarik (2019-11-13):
- Related: #1725922 - duplicated cookie in Apache httpd with mod_session
|
| httpd24-httpd-manual-2.4.34-8.el7.1.noarch
[2.4 MiB] |
Changelog
by Lubos Uhliarik (2019-08-29):
- Resolves: #1745694 - CVE-2019-9511 httpd24-httpd: HTTP/2: large amount of data
request leads to denial of service
- Resolves: #1745679 - CVE-2019-9516 httpd24-httpd: HTTP/2: 0-length headers
leads to denial of service
- Resolves: #1745682 - CVE-2019-9517 httpd24-httpd: HTTP/2: request for large
response leads to denial of service
|
| httpd24-httpd-manual-2.4.34-7.el7.1.noarch
[2.4 MiB] |
Changelog
by Lubos Uhliarik (2019-04-03):
- Resolves: #1695428 - CVE-2019-0211 httpd24-httpd: httpd: privilege escalation
from modules scripts
|
| httpd24-httpd-manual-2.4.34-7.el7.noarch
[2.4 MiB] |
Changelog
by Luboš Uhliarik (2018-11-06):
- Resolves: #1646937 - Unable to start httpd
- Resolves: #1638711 - comments should be allowed at the end of Allow from
statements
|
| httpd24-httpd-manual-2.4.27-8.el7.1.noarch
[2.3 MiB] |
Changelog
by Luboš Uhliarik (2018-05-04):
- Resolves: #1569093 - HTTP/2 connections hang and timeout
|
| httpd24-httpd-manual-2.4.27-8.el7.noarch
[2.3 MiB] |
Changelog
by Luboš Uhliarik (2017-09-20):
- Resolves: #1480506 - mod_authz_dbd segfaults when AuthzDBDQuery missing
|
| httpd24-httpd-manual-2.4.25-9.el7.noarch
[2.3 MiB] |
Changelog
by Joe Orton (2017-03-24):
- link only httpd, not support/* against -lselinux -lsystemd (#1433474)
- don't enable SO_REUSEPORT in default configuration (#1432249)
|
| httpd24-httpd-manual-2.4.18-11.el7.noarch
[1.4 MiB] |
Changelog
by Joe Orton (2016-07-13):
- add security fix for CVE-2016-5387
- mod_ssl: add security fix for CVE-2016-4979
|
| httpd24-httpd-manual-2.4.18-10.el7.noarch
[1.4 MiB] |
Changelog
by Joe Orton (2016-04-15):
- load more built modules (including mod_http2) by default (#1302653)
- lower log-level for mod_ssl NPN debugging (#1302653)
|
| httpd24-httpd-manual-2.4.12-6.el7.1.noarch
[1.4 MiB] |
Changelog
by Jan Kaluza (2015-08-11):
- core: fix chunk header parsing defect (CVE-2015-3183)
- core: replace of ap_some_auth_required with ap_some_authn_required
and ap_force_authn hook (CVE-2015-3185)
- core: fix pointer dereference crash with ErrorDocument 400 pointing
to a local URL-path (CVE-2015-0253)
- mod_lua: fix possible mod_lua crash due to websocket bug (CVE-2015-0228)
|