First published: Mon Apr 06 2020

This release adds the new Apache HTTP Server 2.4.37 Service Pack 2 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 1 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

Security Fix(es):

- openssl: side-channel weak encryption vulnerability (CVE-2019-1547)
- httpd: memory corruption on early pushes (CVE-2019-10081)
- httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)
- httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)
- openssl: information disclosure in fork() (CVE-2019-1549)
- openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
- httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)
- httpd: mod_rewrite potential open redirect (CVE-2019-10098)
- httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/jbcs-httpd24-apr | <1.6.3-86.jbcs.el7 | 1.6.3-86.jbcs.el7 |
redhat/jbcs-httpd24-brotli | <1.0.6-21.jbcs.el7 | 1.0.6-21.jbcs.el7 |
redhat/jbcs-httpd24-httpd | <2.4.37-52.jbcs.el7 | 2.4.37-52.jbcs.el7 |
redhat/jbcs-httpd24-openssl | <1.1.1c-16.jbcs.el7 | 1.1.1c-16.jbcs.el7 |
redhat/jbcs-httpd24-apr-debuginfo | <1.6.3-86.jbcs.el7 | 1.6.3-86.jbcs.el7 |
redhat/jbcs-httpd24-apr-devel | <1.6.3-86.jbcs.el7 | 1.6.3-86.jbcs.el7 |
redhat/jbcs-httpd24-brotli-debuginfo | <1.0.6-21.jbcs.el7 | 1.0.6-21.jbcs.el7 |
redhat/jbcs-httpd24-brotli-devel | <1.0.6-21.jbcs.el7 | 1.0.6-21.jbcs.el7 |
redhat/jbcs-httpd24-httpd-debuginfo | <2.4.37-52.jbcs.el7 | 2.4.37-52.jbcs.el7 |
redhat/jbcs-httpd24-httpd-devel | <2.4.37-52.jbcs.el7 | 2.4.37-52.jbcs.el7 |
redhat/jbcs-httpd24-httpd-manual | <2.4.37-52.jbcs.el7 | 2.4.37-52.jbcs.el7 |
redhat/jbcs-httpd24-httpd-selinux | <2.4.37-52.jbcs.el7 | 2.4.37-52.jbcs.el7 |
redhat/jbcs-httpd24-httpd-tools | <2.4.37-52.jbcs.el7 | 2.4.37-52.jbcs.el7 |
redhat/jbcs-httpd24-openssl-debuginfo | <1.1.1c-16.jbcs.el7 | 1.1.1c-16.jbcs.el7 |
redhat/jbcs-httpd24-openssl-devel | <1.1.1c-16.jbcs.el7 | 1.1.1c-16.jbcs.el7 |
redhat/jbcs-httpd24-openssl-libs | <1.1.1c-16.jbcs.el7 | 1.1.1c-16.jbcs.el7 |
redhat/jbcs-httpd24-openssl-perl | <1.1.1c-16.jbcs.el7 | 1.1.1c-16.jbcs.el7 |
redhat/jbcs-httpd24-openssl-static | <1.1.1c-16.jbcs.el7 | 1.1.1c-16.jbcs.el7 |
redhat/jbcs-httpd24-apr | <1.6.3-86.jbcs.el6 | 1.6.3-86.jbcs.el6 |
redhat/jbcs-httpd24-brotli | <1.0.6-21.jbcs.el6 | 1.0.6-21.jbcs.el6 |
redhat/jbcs-httpd24-httpd | <2.4.37-52.jbcs.el6 | 2.4.37-52.jbcs.el6 |
redhat/jbcs-httpd24-openssl | <1.1.1c-16.jbcs.el6 | 1.1.1c-16.jbcs.el6 |
redhat/jbcs-httpd24-apr-debuginfo | <1.6.3-86.jbcs.el6 | 1.6.3-86.jbcs.el6 |
redhat/jbcs-httpd24-apr-devel | <1.6.3-86.jbcs.el6 | 1.6.3-86.jbcs.el6 |
redhat/jbcs-httpd24-brotli-debuginfo | <1.0.6-21.jbcs.el6 | 1.0.6-21.jbcs.el6 |
redhat/jbcs-httpd24-brotli-devel | <1.0.6-21.jbcs.el6 | 1.0.6-21.jbcs.el6 |
redhat/jbcs-httpd24-httpd-debuginfo | <2.4.37-52.jbcs.el6 | 2.4.37-52.jbcs.el6 |
redhat/jbcs-httpd24-httpd-devel | <2.4.37-52.jbcs.el6 | 2.4.37-52.jbcs.el6 |
redhat/jbcs-httpd24-httpd-manual | <2.4.37-52.jbcs.el6 | 2.4.37-52.jbcs.el6 |
redhat/jbcs-httpd24-httpd-selinux | <2.4.37-52.jbcs.el6 | 2.4.37-52.jbcs.el6 |
redhat/jbcs-httpd24-httpd-tools | <2.4.37-52.jbcs.el6 | 2.4.37-52.jbcs.el6 |
redhat/jbcs-httpd24-openssl-debuginfo | <1.1.1c-16.jbcs.el6 | 1.1.1c-16.jbcs.el6 |
redhat/jbcs-httpd24-openssl-devel | <1.1.1c-16.jbcs.el6 | 1.1.1c-16.jbcs.el6 |
redhat/jbcs-httpd24-openssl-libs | <1.1.1c-16.jbcs.el6 | 1.1.1c-16.jbcs.el6 |
redhat/jbcs-httpd24-openssl-perl | <1.1.1c-16.jbcs.el6 | 1.1.1c-16.jbcs.el6 |
redhat/jbcs-httpd24-openssl-static | <1.1.1c-16.jbcs.el6 | 1.1.1c-16.jbcs.el6 |