RHSA-2021:3816: Important: httpd:2.4 security update

First published: Tue Oct 12 2021(Updated: )

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.<br>Security Fix(es):<br><li> httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" (CVE-2021-40438)</li> <li> httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Never miss a vulnerability like this again

Reference Links

https://access.redhat.com/errata/RHSA-2021:3816 (Advisory)

agent/references
agent/severity
agent/type
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
agent/weakness
agent/remedy
agent/title
agent/tags
agent/description
agent/event
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2021:3816
agent/software-canonical-lookup
package-manager/redhat

RHSA-2021:3816: Important: httpd:2.4 security update

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact

Affected Software	Affected Version	How to fix
redhat/httpd	<2.4.37-39.module+el8.4.0+12865+a7065a39.1	2.4.37-39.module+el8.4.0+12865+a7065a39.1
redhat/httpd-filesystem	<2.4.37-39.module+el8.4.0+12865+a7065a39.1	2.4.37-39.module+el8.4.0+12865+a7065a39.1
redhat/httpd-manual	<2.4.37-39.module+el8.4.0+12865+a7065a39.1	2.4.37-39.module+el8.4.0+12865+a7065a39.1
redhat/httpd	<2.4.37-39.module+el8.4.0+12865+a7065a39.1	2.4.37-39.module+el8.4.0+12865+a7065a39.1
redhat/httpd-debuginfo	<2.4.37-39.module+el8.4.0+12865+a7065a39.1	2.4.37-39.module+el8.4.0+12865+a7065a39.1
redhat/httpd-debugsource	<2.4.37-39.module+el8.4.0+12865+a7065a39.1	2.4.37-39.module+el8.4.0+12865+a7065a39.1
redhat/httpd-devel	<2.4.37-39.module+el8.4.0+12865+a7065a39.1	2.4.37-39.module+el8.4.0+12865+a7065a39.1
redhat/httpd-tools	<2.4.37-39.module+el8.4.0+12865+a7065a39.1	2.4.37-39.module+el8.4.0+12865+a7065a39.1
redhat/httpd-tools-debuginfo	<2.4.37-39.module+el8.4.0+12865+a7065a39.1	2.4.37-39.module+el8.4.0+12865+a7065a39.1
redhat/httpd-debuginfo	<2.4.37-39.module+el8.4.0+12865+a7065a39.1	2.4.37-39.module+el8.4.0+12865+a7065a39.1
redhat/httpd-debugsource	<2.4.37-39.module+el8.4.0+12865+a7065a39.1	2.4.37-39.module+el8.4.0+12865+a7065a39.1
redhat/httpd-devel	<2.4.37-39.module+el8.4.0+12865+a7065a39.1	2.4.37-39.module+el8.4.0+12865+a7065a39.1
redhat/httpd-tools	<2.4.37-39.module+el8.4.0+12865+a7065a39.1	2.4.37-39.module+el8.4.0+12865+a7065a39.1
redhat/httpd-tools-debuginfo	<2.4.37-39.module+el8.4.0+12865+a7065a39.1	2.4.37-39.module+el8.4.0+12865+a7065a39.1
redhat/httpd	<2.4.37-39.module+el8.4.0+12865+a7065a39.1	2.4.37-39.module+el8.4.0+12865+a7065a39.1
redhat/httpd-debuginfo	<2.4.37-39.module+el8.4.0+12865+a7065a39.1	2.4.37-39.module+el8.4.0+12865+a7065a39.1
redhat/httpd-debugsource	<2.4.37-39.module+el8.4.0+12865+a7065a39.1	2.4.37-39.module+el8.4.0+12865+a7065a39.1
redhat/httpd-devel	<2.4.37-39.module+el8.4.0+12865+a7065a39.1	2.4.37-39.module+el8.4.0+12865+a7065a39.1
redhat/httpd-tools	<2.4.37-39.module+el8.4.0+12865+a7065a39.1	2.4.37-39.module+el8.4.0+12865+a7065a39.1
redhat/httpd-tools-debuginfo	<2.4.37-39.module+el8.4.0+12865+a7065a39.1	2.4.37-39.module+el8.4.0+12865+a7065a39.1
redhat/httpd	<2.4.37-39.module+el8.4.0+12865+a7065a39.1.aa	2.4.37-39.module+el8.4.0+12865+a7065a39.1.aa
redhat/httpd-debuginfo	<2.4.37-39.module+el8.4.0+12865+a7065a39.1.aa	2.4.37-39.module+el8.4.0+12865+a7065a39.1.aa
redhat/httpd-debugsource	<2.4.37-39.module+el8.4.0+12865+a7065a39.1.aa	2.4.37-39.module+el8.4.0+12865+a7065a39.1.aa
redhat/httpd-devel	<2.4.37-39.module+el8.4.0+12865+a7065a39.1.aa	2.4.37-39.module+el8.4.0+12865+a7065a39.1.aa
redhat/httpd-tools	<2.4.37-39.module+el8.4.0+12865+a7065a39.1.aa	2.4.37-39.module+el8.4.0+12865+a7065a39.1.aa
redhat/httpd-tools-debuginfo	<2.4.37-39.module+el8.4.0+12865+a7065a39.1.aa	2.4.37-39.module+el8.4.0+12865+a7065a39.1.aa