-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: httpd24 security, bug fix, and enhancement update Advisory ID: RHSA-2018:3558-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2018:3558 Issue date: 2018-11-13 CVE Names: CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 CVE-2016-7141 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 CVE-2016-9586 CVE-2017-7407 CVE-2017-8816 CVE-2017-8817 CVE-2017-15710 CVE-2017-15715 CVE-2017-1000100 CVE-2017-1000101 CVE-2017-1000254 CVE-2017-1000257 CVE-2018-1283 CVE-2018-1301 CVE-2018-1303 CVE-2018-1312 CVE-2018-1333 CVE-2018-11763 CVE-2018-14618 CVE-2018-1000007 CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 CVE-2018-1000301 ===================================================================== 1. Summary: An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. The following packages have been upgraded to a later upstream version: httpd24-httpd (2.4.34), httpd24-curl (7.61.1). (BZ#1590833, BZ#1648928) Security Fix(es): * httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications (CVE-2018-1283) * httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS (CVE-2018-1303) * httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS (CVE-2018-1333) * httpd: DoS for HTTP/2 connections by continuous SETTINGS frames (CVE-2018-11763) * httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710) * httpd: bypass with a trailing newline in the file name (CVE-2017-15715) * httpd: Out of bounds access after failure in reading the HTTP request (CVE-2018-1301) * httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312) * curl: Multiple security issues were fixed in httpd24-curl (CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-7407, CVE-2017-8816, CVE-2017-8817, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000301, CVE-2018-14618) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Curl project for reporting CVE-2017-8816, CVE-2017-8817, CVE-2017-1000254, CVE-2017-1000257, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000122, CVE-2018-1000301, CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2018-14618, and CVE-2018-1000121. Upstream acknowledges Alex Nichols as the original reporter of CVE-2017-8816; the OSS-Fuzz project as the original reporter of CVE-2017-8817 and CVE-2018-1000301; Max Dymond as the original reporter of CVE-2017-1000254 and CVE-2018-1000122; Brian Carpenter and the OSS-Fuzz project as the original reporters of CVE-2017-1000257; Craig de Stigter as the original reporter of CVE-2018-1000007; Duy Phan Thanh as the original reporter of CVE-2018-1000120; Even Rouault as the original reporter of CVE-2017-1000100; Brian Carpenter as the original reporter of CVE-2017-1000101; Zhaoyang Wu as the original reporter of CVE-2018-14618; and Dario Weisser as the original reporter of CVE-2018-1000121. Bug Fix(es): * Previously, the Apache HTTP Server from the httpd24 Software Collection was unable to handle situations when static content was repeatedly requested in a browser by refreshing the page. As a consequence, HTTP/2 connections timed out and httpd became unresponsive. This bug has been fixed, and HTTP/2 connections now work as expected in the described scenario. (BZ#1518737) Enhancement(s): * This update adds the mod_md module to the httpd24 Software Collection. This module enables managing domains across virtual hosts and certificate provisioning using the Automatic Certificate Management Environment (ACME) protocol. The mod_md module is available only for Red Hat Enterprise Linux 7. (BZ#1640722) Additional Changes: For detailed information on changes in this release, see the Red Hat Software Collections 3.2 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass 1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert 1362199 - CVE-2016-5421 curl: Use of connection struct after free 1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates 1375906 - CVE-2016-7167 curl: escape and unescape integer overflows 1388370 - CVE-2016-8615 curl: Cookie injection for other servers 1388371 - CVE-2016-8616 curl: Case insensitive password comparison 1388377 - CVE-2016-8617 curl: Out-of-bounds write via unchecked multiplication 1388378 - CVE-2016-8618 curl: Double-free in curl_maprintf 1388379 - CVE-2016-8619 curl: Double-free in krb5 code 1388382 - CVE-2016-8620 curl: Glob parser write/read out of bounds 1388385 - CVE-2016-8621 curl: curl_getdate out-of-bounds read 1388386 - CVE-2016-8622 curl: URL unescape heap overflow via integer truncation 1388388 - CVE-2016-8623 curl: Use-after-free via shared cookies 1388390 - CVE-2016-8624 curl: Invalid URL parsing with '#' 1388392 - CVE-2016-8625 curl: IDNA 2003 makes curl use wrong host 1406712 - CVE-2016-9586 curl: printf floating point buffer overflow 1439190 - CVE-2017-7407 curl: --write-out out of bounds read 1478309 - CVE-2017-1000101 curl: URL globbing out of bounds read 1478310 - CVE-2017-1000100 curl: TFTP sends more than buffer size 1495541 - CVE-2017-1000254 curl: FTP PWD response parser out of bounds read 1503705 - CVE-2017-1000257 curl: IMAP FETCH response out of bounds read 1515757 - CVE-2017-8816 curl: NTLM buffer overflow via integer overflow 1515760 - CVE-2017-8817 curl: FTP wildcard out of bounds read 1518737 - HTTP/2 connections hang and timeout 1537125 - CVE-2018-1000007 curl: HTTP authentication leak in redirects 1540167 - provides without httpd24 pre/in-fix 1552628 - CVE-2018-1000120 curl: FTP path trickery leads to NIL byte out of bounds write 1552631 - CVE-2018-1000121 curl: LDAP NULL pointer dereference 1553398 - CVE-2018-1000122 curl: RTSP RTP buffer over-read 1558450 - Not able to use SSLOpenSSLConfCmd with httpd24-httpd-2.4.27. 1560395 - CVE-2018-1283 httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications 1560399 - CVE-2018-1303 httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS 1560599 - CVE-2017-15710 httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values 1560614 - CVE-2017-15715 httpd: bypass with a trailing newline in the file name 1560634 - CVE-2018-1312 httpd: Weak Digest auth nonce generation in mod_auth_digest 1560643 - CVE-2018-1301 httpd: Out of bounds access after failure in reading the HTTP request 1575536 - CVE-2018-1000301 curl: Out-of-bounds heap read when missing RTSP headers allows information leak of denial of service 1605048 - CVE-2018-1333 httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS 1622707 - CVE-2018-14618 curl: NTLM password overflow via integer overflow 1628389 - Make OCSP more configurable (like CRL) 1633260 - mod_session missing apr-util-openssl 1633399 - CVE-2018-11763 httpd: DoS for HTTP/2 connections by continuous SETTINGS frames 1634830 - FTBFS: httpd24-httpd 1640722 - mod_md is missing in httpd24-httpd 1646937 - Unable to start httpd 1648928 - Rebase curl to the latest version 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: httpd24-curl-7.61.1-1.el6.src.rpm httpd24-httpd-2.4.34-7.el6.src.rpm httpd24-nghttp2-1.7.1-7.el6.src.rpm noarch: httpd24-httpd-manual-2.4.34-7.el6.noarch.rpm x86_64: httpd24-curl-7.61.1-1.el6.x86_64.rpm httpd24-curl-debuginfo-7.61.1-1.el6.x86_64.rpm httpd24-httpd-2.4.34-7.el6.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-7.el6.x86_64.rpm httpd24-httpd-devel-2.4.34-7.el6.x86_64.rpm httpd24-httpd-tools-2.4.34-7.el6.x86_64.rpm httpd24-libcurl-7.61.1-1.el6.x86_64.rpm httpd24-libcurl-devel-7.61.1-1.el6.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el6.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el6.x86_64.rpm httpd24-mod_ldap-2.4.34-7.el6.x86_64.rpm httpd24-mod_proxy_html-2.4.34-7.el6.x86_64.rpm httpd24-mod_session-2.4.34-7.el6.x86_64.rpm httpd24-mod_ssl-2.4.34-7.el6.x86_64.rpm httpd24-nghttp2-1.7.1-7.el6.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: httpd24-curl-7.61.1-1.el6.src.rpm httpd24-httpd-2.4.34-7.el6.src.rpm httpd24-nghttp2-1.7.1-7.el6.src.rpm noarch: httpd24-httpd-manual-2.4.34-7.el6.noarch.rpm x86_64: httpd24-curl-7.61.1-1.el6.x86_64.rpm httpd24-curl-debuginfo-7.61.1-1.el6.x86_64.rpm httpd24-httpd-2.4.34-7.el6.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-7.el6.x86_64.rpm httpd24-httpd-devel-2.4.34-7.el6.x86_64.rpm httpd24-httpd-tools-2.4.34-7.el6.x86_64.rpm httpd24-libcurl-7.61.1-1.el6.x86_64.rpm httpd24-libcurl-devel-7.61.1-1.el6.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el6.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el6.x86_64.rpm httpd24-mod_ldap-2.4.34-7.el6.x86_64.rpm httpd24-mod_proxy_html-2.4.34-7.el6.x86_64.rpm httpd24-mod_session-2.4.34-7.el6.x86_64.rpm httpd24-mod_ssl-2.4.34-7.el6.x86_64.rpm httpd24-nghttp2-1.7.1-7.el6.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: httpd24-curl-7.61.1-1.el7.src.rpm httpd24-httpd-2.4.34-7.el7.src.rpm httpd24-nghttp2-1.7.1-7.el7.src.rpm aarch64: httpd24-curl-7.61.1-1.el7.aarch64.rpm httpd24-curl-debuginfo-7.61.1-1.el7.aarch64.rpm httpd24-httpd-2.4.34-7.el7.aarch64.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.aarch64.rpm httpd24-httpd-devel-2.4.34-7.el7.aarch64.rpm httpd24-httpd-tools-2.4.34-7.el7.aarch64.rpm httpd24-libcurl-7.61.1-1.el7.aarch64.rpm httpd24-libcurl-devel-7.61.1-1.el7.aarch64.rpm httpd24-libnghttp2-1.7.1-7.el7.aarch64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.aarch64.rpm httpd24-mod_ldap-2.4.34-7.el7.aarch64.rpm httpd24-mod_md-2.4.34-7.el7.aarch64.rpm httpd24-mod_proxy_html-2.4.34-7.el7.aarch64.rpm httpd24-mod_session-2.4.34-7.el7.aarch64.rpm httpd24-mod_ssl-2.4.34-7.el7.aarch64.rpm httpd24-nghttp2-1.7.1-7.el7.aarch64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.aarch64.rpm noarch: httpd24-httpd-manual-2.4.34-7.el7.noarch.rpm ppc64le: httpd24-curl-7.61.1-1.el7.ppc64le.rpm httpd24-curl-debuginfo-7.61.1-1.el7.ppc64le.rpm httpd24-httpd-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-7.el7.ppc64le.rpm httpd24-libcurl-7.61.1-1.el7.ppc64le.rpm httpd24-libcurl-devel-7.61.1-1.el7.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-7.el7.ppc64le.rpm httpd24-mod_md-2.4.34-7.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-7.el7.ppc64le.rpm httpd24-mod_session-2.4.34-7.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-7.el7.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.ppc64le.rpm s390x: httpd24-curl-7.61.1-1.el7.s390x.rpm httpd24-curl-debuginfo-7.61.1-1.el7.s390x.rpm httpd24-httpd-2.4.34-7.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.s390x.rpm httpd24-httpd-devel-2.4.34-7.el7.s390x.rpm httpd24-httpd-tools-2.4.34-7.el7.s390x.rpm httpd24-libcurl-7.61.1-1.el7.s390x.rpm httpd24-libcurl-devel-7.61.1-1.el7.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.s390x.rpm httpd24-mod_ldap-2.4.34-7.el7.s390x.rpm httpd24-mod_md-2.4.34-7.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-7.el7.s390x.rpm httpd24-mod_session-2.4.34-7.el7.s390x.rpm httpd24-mod_ssl-2.4.34-7.el7.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.s390x.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: httpd24-curl-7.61.1-1.el7.src.rpm httpd24-httpd-2.4.34-7.el7.src.rpm httpd24-nghttp2-1.7.1-7.el7.src.rpm aarch64: httpd24-curl-7.61.1-1.el7.aarch64.rpm httpd24-curl-debuginfo-7.61.1-1.el7.aarch64.rpm httpd24-httpd-2.4.34-7.el7.aarch64.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.aarch64.rpm httpd24-httpd-devel-2.4.34-7.el7.aarch64.rpm httpd24-httpd-tools-2.4.34-7.el7.aarch64.rpm httpd24-libcurl-7.61.1-1.el7.aarch64.rpm httpd24-libcurl-devel-7.61.1-1.el7.aarch64.rpm httpd24-libnghttp2-1.7.1-7.el7.aarch64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.aarch64.rpm httpd24-mod_ldap-2.4.34-7.el7.aarch64.rpm httpd24-mod_md-2.4.34-7.el7.aarch64.rpm httpd24-mod_proxy_html-2.4.34-7.el7.aarch64.rpm httpd24-mod_session-2.4.34-7.el7.aarch64.rpm httpd24-mod_ssl-2.4.34-7.el7.aarch64.rpm httpd24-nghttp2-1.7.1-7.el7.aarch64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.aarch64.rpm noarch: httpd24-httpd-manual-2.4.34-7.el7.noarch.rpm ppc64le: httpd24-curl-7.61.1-1.el7.ppc64le.rpm httpd24-curl-debuginfo-7.61.1-1.el7.ppc64le.rpm httpd24-httpd-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-7.el7.ppc64le.rpm httpd24-libcurl-7.61.1-1.el7.ppc64le.rpm httpd24-libcurl-devel-7.61.1-1.el7.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-7.el7.ppc64le.rpm httpd24-mod_md-2.4.34-7.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-7.el7.ppc64le.rpm httpd24-mod_session-2.4.34-7.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-7.el7.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.ppc64le.rpm s390x: httpd24-curl-7.61.1-1.el7.s390x.rpm httpd24-curl-debuginfo-7.61.1-1.el7.s390x.rpm httpd24-httpd-2.4.34-7.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.s390x.rpm httpd24-httpd-devel-2.4.34-7.el7.s390x.rpm httpd24-httpd-tools-2.4.34-7.el7.s390x.rpm httpd24-libcurl-7.61.1-1.el7.s390x.rpm httpd24-libcurl-devel-7.61.1-1.el7.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.s390x.rpm httpd24-mod_ldap-2.4.34-7.el7.s390x.rpm httpd24-mod_md-2.4.34-7.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-7.el7.s390x.rpm httpd24-mod_session-2.4.34-7.el7.s390x.rpm httpd24-mod_ssl-2.4.34-7.el7.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.s390x.rpm x86_64: httpd24-curl-7.61.1-1.el7.x86_64.rpm httpd24-curl-debuginfo-7.61.1-1.el7.x86_64.rpm httpd24-httpd-2.4.34-7.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-7.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-7.el7.x86_64.rpm httpd24-libcurl-7.61.1-1.el7.x86_64.rpm httpd24-libcurl-devel-7.61.1-1.el7.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-7.el7.x86_64.rpm httpd24-mod_md-2.4.34-7.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-7.el7.x86_64.rpm httpd24-mod_session-2.4.34-7.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-7.el7.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4): Source: httpd24-curl-7.61.1-1.el7.src.rpm httpd24-httpd-2.4.34-7.el7.src.rpm httpd24-nghttp2-1.7.1-7.el7.src.rpm noarch: httpd24-httpd-manual-2.4.34-7.el7.noarch.rpm ppc64le: httpd24-curl-7.61.1-1.el7.ppc64le.rpm httpd24-curl-debuginfo-7.61.1-1.el7.ppc64le.rpm httpd24-httpd-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-7.el7.ppc64le.rpm httpd24-libcurl-7.61.1-1.el7.ppc64le.rpm httpd24-libcurl-devel-7.61.1-1.el7.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-7.el7.ppc64le.rpm httpd24-mod_md-2.4.34-7.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-7.el7.ppc64le.rpm httpd24-mod_session-2.4.34-7.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-7.el7.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.ppc64le.rpm s390x: httpd24-curl-7.61.1-1.el7.s390x.rpm httpd24-curl-debuginfo-7.61.1-1.el7.s390x.rpm httpd24-httpd-2.4.34-7.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.s390x.rpm httpd24-httpd-devel-2.4.34-7.el7.s390x.rpm httpd24-httpd-tools-2.4.34-7.el7.s390x.rpm httpd24-libcurl-7.61.1-1.el7.s390x.rpm httpd24-libcurl-devel-7.61.1-1.el7.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.s390x.rpm httpd24-mod_ldap-2.4.34-7.el7.s390x.rpm httpd24-mod_md-2.4.34-7.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-7.el7.s390x.rpm httpd24-mod_session-2.4.34-7.el7.s390x.rpm httpd24-mod_ssl-2.4.34-7.el7.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.s390x.rpm x86_64: httpd24-curl-7.61.1-1.el7.x86_64.rpm httpd24-curl-debuginfo-7.61.1-1.el7.x86_64.rpm httpd24-httpd-2.4.34-7.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-7.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-7.el7.x86_64.rpm httpd24-libcurl-7.61.1-1.el7.x86_64.rpm httpd24-libcurl-devel-7.61.1-1.el7.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-7.el7.x86_64.rpm httpd24-mod_md-2.4.34-7.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-7.el7.x86_64.rpm httpd24-mod_session-2.4.34-7.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-7.el7.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5): Source: httpd24-curl-7.61.1-1.el7.src.rpm httpd24-httpd-2.4.34-7.el7.src.rpm httpd24-nghttp2-1.7.1-7.el7.src.rpm noarch: httpd24-httpd-manual-2.4.34-7.el7.noarch.rpm ppc64le: httpd24-curl-7.61.1-1.el7.ppc64le.rpm httpd24-curl-debuginfo-7.61.1-1.el7.ppc64le.rpm httpd24-httpd-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-7.el7.ppc64le.rpm httpd24-libcurl-7.61.1-1.el7.ppc64le.rpm httpd24-libcurl-devel-7.61.1-1.el7.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-7.el7.ppc64le.rpm httpd24-mod_md-2.4.34-7.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-7.el7.ppc64le.rpm httpd24-mod_session-2.4.34-7.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-7.el7.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.ppc64le.rpm s390x: httpd24-curl-7.61.1-1.el7.s390x.rpm httpd24-curl-debuginfo-7.61.1-1.el7.s390x.rpm httpd24-httpd-2.4.34-7.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.s390x.rpm httpd24-httpd-devel-2.4.34-7.el7.s390x.rpm httpd24-httpd-tools-2.4.34-7.el7.s390x.rpm httpd24-libcurl-7.61.1-1.el7.s390x.rpm httpd24-libcurl-devel-7.61.1-1.el7.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.s390x.rpm httpd24-mod_ldap-2.4.34-7.el7.s390x.rpm httpd24-mod_md-2.4.34-7.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-7.el7.s390x.rpm httpd24-mod_session-2.4.34-7.el7.s390x.rpm httpd24-mod_ssl-2.4.34-7.el7.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.s390x.rpm x86_64: httpd24-curl-7.61.1-1.el7.x86_64.rpm httpd24-curl-debuginfo-7.61.1-1.el7.x86_64.rpm httpd24-httpd-2.4.34-7.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-7.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-7.el7.x86_64.rpm httpd24-libcurl-7.61.1-1.el7.x86_64.rpm httpd24-libcurl-devel-7.61.1-1.el7.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-7.el7.x86_64.rpm httpd24-mod_md-2.4.34-7.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-7.el7.x86_64.rpm httpd24-mod_session-2.4.34-7.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-7.el7.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6): Source: httpd24-curl-7.61.1-1.el7.src.rpm httpd24-httpd-2.4.34-7.el7.src.rpm httpd24-nghttp2-1.7.1-7.el7.src.rpm noarch: httpd24-httpd-manual-2.4.34-7.el7.noarch.rpm ppc64le: httpd24-curl-7.61.1-1.el7.ppc64le.rpm httpd24-curl-debuginfo-7.61.1-1.el7.ppc64le.rpm httpd24-httpd-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-7.el7.ppc64le.rpm httpd24-libcurl-7.61.1-1.el7.ppc64le.rpm httpd24-libcurl-devel-7.61.1-1.el7.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-7.el7.ppc64le.rpm httpd24-mod_md-2.4.34-7.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-7.el7.ppc64le.rpm httpd24-mod_session-2.4.34-7.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-7.el7.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.ppc64le.rpm s390x: httpd24-curl-7.61.1-1.el7.s390x.rpm httpd24-curl-debuginfo-7.61.1-1.el7.s390x.rpm httpd24-httpd-2.4.34-7.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.s390x.rpm httpd24-httpd-devel-2.4.34-7.el7.s390x.rpm httpd24-httpd-tools-2.4.34-7.el7.s390x.rpm httpd24-libcurl-7.61.1-1.el7.s390x.rpm httpd24-libcurl-devel-7.61.1-1.el7.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.s390x.rpm httpd24-mod_ldap-2.4.34-7.el7.s390x.rpm httpd24-mod_md-2.4.34-7.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-7.el7.s390x.rpm httpd24-mod_session-2.4.34-7.el7.s390x.rpm httpd24-mod_ssl-2.4.34-7.el7.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.s390x.rpm x86_64: httpd24-curl-7.61.1-1.el7.x86_64.rpm httpd24-curl-debuginfo-7.61.1-1.el7.x86_64.rpm httpd24-httpd-2.4.34-7.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-7.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-7.el7.x86_64.rpm httpd24-libcurl-7.61.1-1.el7.x86_64.rpm httpd24-libcurl-devel-7.61.1-1.el7.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-7.el7.x86_64.rpm httpd24-mod_md-2.4.34-7.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-7.el7.x86_64.rpm httpd24-mod_session-2.4.34-7.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-7.el7.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: httpd24-curl-7.61.1-1.el7.src.rpm httpd24-httpd-2.4.34-7.el7.src.rpm httpd24-nghttp2-1.7.1-7.el7.src.rpm noarch: httpd24-httpd-manual-2.4.34-7.el7.noarch.rpm x86_64: httpd24-curl-7.61.1-1.el7.x86_64.rpm httpd24-curl-debuginfo-7.61.1-1.el7.x86_64.rpm httpd24-httpd-2.4.34-7.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-7.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-7.el7.x86_64.rpm httpd24-libcurl-7.61.1-1.el7.x86_64.rpm httpd24-libcurl-devel-7.61.1-1.el7.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-7.el7.x86_64.rpm httpd24-mod_md-2.4.34-7.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-7.el7.x86_64.rpm httpd24-mod_session-2.4.34-7.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-7.el7.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-5419 https://access.redhat.com/security/cve/CVE-2016-5420 https://access.redhat.com/security/cve/CVE-2016-5421 https://access.redhat.com/security/cve/CVE-2016-7141 https://access.redhat.com/security/cve/CVE-2016-7167 https://access.redhat.com/security/cve/CVE-2016-8615 https://access.redhat.com/security/cve/CVE-2016-8616 https://access.redhat.com/security/cve/CVE-2016-8617 https://access.redhat.com/security/cve/CVE-2016-8618 https://access.redhat.com/security/cve/CVE-2016-8619 https://access.redhat.com/security/cve/CVE-2016-8620 https://access.redhat.com/security/cve/CVE-2016-8621 https://access.redhat.com/security/cve/CVE-2016-8622 https://access.redhat.com/security/cve/CVE-2016-8623 https://access.redhat.com/security/cve/CVE-2016-8624 https://access.redhat.com/security/cve/CVE-2016-8625 https://access.redhat.com/security/cve/CVE-2016-9586 https://access.redhat.com/security/cve/CVE-2017-7407 https://access.redhat.com/security/cve/CVE-2017-8816 https://access.redhat.com/security/cve/CVE-2017-8817 https://access.redhat.com/security/cve/CVE-2017-15710 https://access.redhat.com/security/cve/CVE-2017-15715 https://access.redhat.com/security/cve/CVE-2017-1000100 https://access.redhat.com/security/cve/CVE-2017-1000101 https://access.redhat.com/security/cve/CVE-2017-1000254 https://access.redhat.com/security/cve/CVE-2017-1000257 https://access.redhat.com/security/cve/CVE-2018-1283 https://access.redhat.com/security/cve/CVE-2018-1301 https://access.redhat.com/security/cve/CVE-2018-1303 https://access.redhat.com/security/cve/CVE-2018-1312 https://access.redhat.com/security/cve/CVE-2018-1333 https://access.redhat.com/security/cve/CVE-2018-11763 https://access.redhat.com/security/cve/CVE-2018-14618 https://access.redhat.com/security/cve/CVE-2018-1000007 https://access.redhat.com/security/cve/CVE-2018-1000120 https://access.redhat.com/security/cve/CVE-2018-1000121 https://access.redhat.com/security/cve/CVE-2018-1000122 https://access.redhat.com/security/cve/CVE-2018-1000301 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.2_release_notes/chap-rhscl#sect-RHSCL-Changes-httpd 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW+qMytzjgjWX9erEAQgLzQ//V6p0MJlmHHuvBRYszVGnu43cqKkSzERl vPJnEBEdzaU1+hxnBpN+PwWRp+X0j7EIgEnc3yBMSqnKnZUXhbW+2AlWKFSu96i1 WcDdaxtFkD8opjERjN+ckuOnk2Eh24eWAYoDIn0WqTR7seOdvdXsURROOyvugwXP ulGH+RQhwyxBYvYKp1RmX+REgKfW99wMxpd7B4depYhsI5ZkTzhyTbnp2E+v/XpY r8NqBJEV0C69sHrddBjvDMl+M0vwPw0X1YWEGsP20tZ3nqGPCVlCegQ+WCUU36HH 1Asxa1s2/50vlY5Aa79iJuAlotw/qy4Cxvm98A33ImBvI1WMfoRXmmkOYcOsTP3o 38fkPK4XuDiimWj+ODq29WsqvjJTZgCD32lw7MgjeyH+0u4aMYnImRtC7tG2ykRU ETXqLCnQ1I1We2ar3vI9xYLJ+wmc/Iy479eDWziiQztO2RusHxXTStt2n5XEGg1Z ylahAIyX989zJ3UcSs2h8dbMqjFzHZtie6xEtgFH8fsaPr36HjvKrTzj9rIN2xgt D1EcxjUVJRp536TzS5ULmAQSAfURruq6xTyuxI9+nDNfFXJbKI5IxIR1W6jkVIMD N1asv6UUHNzFmJgnmd94AlqDK2iCdoZBwmosk6ICcBmJVrWPMXjBDGNS3GtbKOdj RkKELMK+M5A= =7w7/ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce