First published: Wed Mar 30 2022(Updated: )
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.<br>Security Fix(es):<br><li> httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)</li> <li> httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/httpd | <2.4.6-67.el7_4.9 | 2.4.6-67.el7_4.9 |
redhat/httpd | <2.4.6-67.el7_4.9 | 2.4.6-67.el7_4.9 |
redhat/httpd-debuginfo | <2.4.6-67.el7_4.9 | 2.4.6-67.el7_4.9 |
redhat/httpd-devel | <2.4.6-67.el7_4.9 | 2.4.6-67.el7_4.9 |
redhat/httpd-manual | <2.4.6-67.el7_4.9 | 2.4.6-67.el7_4.9 |
redhat/httpd-tools | <2.4.6-67.el7_4.9 | 2.4.6-67.el7_4.9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of RHSA-2022:1138 is classified as important due to potential buffer overflow vulnerabilities.
To fix RHSA-2022:1138, you should update the affected httpd packages to version 2.4.6-67.el7_4.9 or later.
RHSA-2022:1138 addresses a buffer overflow vulnerability in mod_lua and other related errors in the Apache HTTP Server.
The affected packages include httpd, httpd-debuginfo, httpd-devel, httpd-manual, and httpd-tools.
While the primary concern of RHSA-2022:1138 is security, updating may also enhance performance and stability of the web server.