QID 239451
Date Published: 2021-07-01
QID 239451: Red Hat Update for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 (RHSA-2021:2472)
This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering.This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es): curl: Use-after-free in TLS session handling when using OpenSSL TLS backend (CVE-2021-22901) httpd: NULL pointer dereference on specially crafted HTTP/2 request (CVE-2021-31618) libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169) curl: FTP PASV command response can cause curl to connect to arbitrary host (CVE-2020-8284) curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285) curl: Inferior OCSP verification (CVE-2020-8286) curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876) curl: TLS 1.3 session ticket mix-up with HTTPS proxy host (CVE-2021-22890)
Affected Products:
Red Hat JBoss Core Services 1 for RHEL 8 x86_64
Red Hat JBoss Core Services 1 for RHEL 7 x86_64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
On successful exploitation, it could allow an attacker to execute code.
Refer to Red Hat security advisory RHSA-2021:2472 to address this issue and obtain more information.
- RHSA-2021:2472 -
access.redhat.com/errata/RHSA-2021:2472?language=en
CVEs related to QID 239451
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| RHSA-2021:2472 | Red Hat Enterprise Linux |
access.redhat.com/errata/RHSA-2021:2472?language=en |