-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: httpd24-httpd security, bug fix, and enhancement update Advisory ID: RHSA-2019:4126-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:4126 Issue date: 2019-12-10 CVE Names: CVE-2018-17189 CVE-2018-17199 CVE-2019-0217 CVE-2019-0220 CVE-2019-10092 CVE-2019-10097 ==================================================================== 1. Summary: An update for httpd24, httpd24-httpd, and httpd24-nghttp2 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. Security Fix(es): * httpd: mod_session_cookie does not respect expiry time (CVE-2018-17199) * httpd: mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097) * httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * httpd: URL normalization inconsistency (CVE-2019-0220) * httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * `ExtendedStatus Off` directive when using mod_systemd causes systemctl to hang (BZ#1669213) * httpd can not be started with mod_md enabled (BZ#1673019) * Rebuild metapackage with latest scl-utils (BZ#1696527) * fix a regression introduced in r1740928 (BZ#1707636) * duplicated cookie in Apache httpd with mod_session (BZ#1725922) * Unexpected OCSP in proxy SSL connection (BZ#1744120) Enhancement(s): * RFE: updated collection for httpd 2.4 (BZ#1726706) Additional Changes: For detailed information on changes in this release, see the Red Hat Software Collections 3.4 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time 1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies 1669213 - `ExtendedStatus Off` directive when using mod_systemd causes systemctl to hang 1673019 - httpd can not be started with mod_md enabled 1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition 1695036 - CVE-2019-0220 httpd: URL normalization inconsistency 1696527 - Rebuild metapackage with latest scl-utils 1707636 - fix a regression introduced in r1740928 1725922 - duplicated cookie in Apache httpd with mod_session 1743956 - CVE-2019-10092 httpd: limited cross-site scripting in mod_proxy error page 1743996 - CVE-2019-10097 httpd: null-pointer dereference in mod_remoteip 1744120 - Unexpected OCSP in proxy SSL connection 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: httpd24-1.1-19.el6.src.rpm httpd24-httpd-2.4.34-15.el6.src.rpm httpd24-nghttp2-1.7.1-8.el6.src.rpm noarch: httpd24-httpd-manual-2.4.34-15.el6.noarch.rpm x86_64: httpd24-1.1-19.el6.x86_64.rpm httpd24-build-1.1-19.el6.x86_64.rpm httpd24-httpd-2.4.34-15.el6.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-15.el6.x86_64.rpm httpd24-httpd-devel-2.4.34-15.el6.x86_64.rpm httpd24-httpd-tools-2.4.34-15.el6.x86_64.rpm httpd24-libnghttp2-1.7.1-8.el6.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-8.el6.x86_64.rpm httpd24-mod_ldap-2.4.34-15.el6.x86_64.rpm httpd24-mod_proxy_html-2.4.34-15.el6.x86_64.rpm httpd24-mod_session-2.4.34-15.el6.x86_64.rpm httpd24-mod_ssl-2.4.34-15.el6.x86_64.rpm httpd24-nghttp2-1.7.1-8.el6.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-8.el6.x86_64.rpm httpd24-runtime-1.1-19.el6.x86_64.rpm httpd24-scldevel-1.1-19.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: httpd24-1.1-19.el6.src.rpm httpd24-httpd-2.4.34-15.el6.src.rpm httpd24-nghttp2-1.7.1-8.el6.src.rpm noarch: httpd24-httpd-manual-2.4.34-15.el6.noarch.rpm x86_64: httpd24-1.1-19.el6.x86_64.rpm httpd24-build-1.1-19.el6.x86_64.rpm httpd24-httpd-2.4.34-15.el6.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-15.el6.x86_64.rpm httpd24-httpd-devel-2.4.34-15.el6.x86_64.rpm httpd24-httpd-tools-2.4.34-15.el6.x86_64.rpm httpd24-libnghttp2-1.7.1-8.el6.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-8.el6.x86_64.rpm httpd24-mod_ldap-2.4.34-15.el6.x86_64.rpm httpd24-mod_proxy_html-2.4.34-15.el6.x86_64.rpm httpd24-mod_session-2.4.34-15.el6.x86_64.rpm httpd24-mod_ssl-2.4.34-15.el6.x86_64.rpm httpd24-nghttp2-1.7.1-8.el6.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-8.el6.x86_64.rpm httpd24-runtime-1.1-19.el6.x86_64.rpm httpd24-scldevel-1.1-19.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: httpd24-1.1-19.el7.src.rpm httpd24-httpd-2.4.34-15.el7.src.rpm httpd24-nghttp2-1.7.1-8.el7.src.rpm aarch64: httpd24-1.1-19.el7.aarch64.rpm httpd24-httpd-2.4.34-15.el7.aarch64.rpm httpd24-httpd-debuginfo-2.4.34-15.el7.aarch64.rpm httpd24-httpd-devel-2.4.34-15.el7.aarch64.rpm httpd24-httpd-tools-2.4.34-15.el7.aarch64.rpm httpd24-libnghttp2-1.7.1-8.el7.aarch64.rpm httpd24-libnghttp2-devel-1.7.1-8.el7.aarch64.rpm httpd24-mod_ldap-2.4.34-15.el7.aarch64.rpm httpd24-mod_md-2.4.34-15.el7.aarch64.rpm httpd24-mod_proxy_html-2.4.34-15.el7.aarch64.rpm httpd24-mod_session-2.4.34-15.el7.aarch64.rpm httpd24-mod_ssl-2.4.34-15.el7.aarch64.rpm httpd24-nghttp2-1.7.1-8.el7.aarch64.rpm httpd24-nghttp2-debuginfo-1.7.1-8.el7.aarch64.rpm httpd24-runtime-1.1-19.el7.aarch64.rpm httpd24-scldevel-1.1-19.el7.aarch64.rpm noarch: httpd24-httpd-manual-2.4.34-15.el7.noarch.rpm ppc64le: httpd24-1.1-19.el7.ppc64le.rpm httpd24-httpd-2.4.34-15.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-15.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-15.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-15.el7.ppc64le.rpm httpd24-libnghttp2-1.7.1-8.el7.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-8.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-15.el7.ppc64le.rpm httpd24-mod_md-2.4.34-15.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-15.el7.ppc64le.rpm httpd24-mod_session-2.4.34-15.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-15.el7.ppc64le.rpm httpd24-nghttp2-1.7.1-8.el7.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-8.el7.ppc64le.rpm httpd24-runtime-1.1-19.el7.ppc64le.rpm httpd24-scldevel-1.1-19.el7.ppc64le.rpm s390x: httpd24-1.1-19.el7.s390x.rpm httpd24-httpd-2.4.34-15.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-15.el7.s390x.rpm httpd24-httpd-devel-2.4.34-15.el7.s390x.rpm httpd24-httpd-tools-2.4.34-15.el7.s390x.rpm httpd24-libnghttp2-1.7.1-8.el7.s390x.rpm httpd24-libnghttp2-devel-1.7.1-8.el7.s390x.rpm httpd24-mod_ldap-2.4.34-15.el7.s390x.rpm httpd24-mod_md-2.4.34-15.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-15.el7.s390x.rpm httpd24-mod_session-2.4.34-15.el7.s390x.rpm httpd24-mod_ssl-2.4.34-15.el7.s390x.rpm httpd24-nghttp2-1.7.1-8.el7.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-8.el7.s390x.rpm httpd24-runtime-1.1-19.el7.s390x.rpm httpd24-scldevel-1.1-19.el7.s390x.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: httpd24-1.1-19.el7.src.rpm httpd24-httpd-2.4.34-15.el7.src.rpm httpd24-nghttp2-1.7.1-8.el7.src.rpm aarch64: httpd24-1.1-19.el7.aarch64.rpm httpd24-httpd-2.4.34-15.el7.aarch64.rpm httpd24-httpd-debuginfo-2.4.34-15.el7.aarch64.rpm httpd24-httpd-devel-2.4.34-15.el7.aarch64.rpm httpd24-httpd-tools-2.4.34-15.el7.aarch64.rpm httpd24-libnghttp2-1.7.1-8.el7.aarch64.rpm httpd24-libnghttp2-devel-1.7.1-8.el7.aarch64.rpm httpd24-mod_ldap-2.4.34-15.el7.aarch64.rpm httpd24-mod_md-2.4.34-15.el7.aarch64.rpm httpd24-mod_proxy_html-2.4.34-15.el7.aarch64.rpm httpd24-mod_session-2.4.34-15.el7.aarch64.rpm httpd24-mod_ssl-2.4.34-15.el7.aarch64.rpm httpd24-nghttp2-1.7.1-8.el7.aarch64.rpm httpd24-nghttp2-debuginfo-1.7.1-8.el7.aarch64.rpm httpd24-runtime-1.1-19.el7.aarch64.rpm httpd24-scldevel-1.1-19.el7.aarch64.rpm noarch: httpd24-httpd-manual-2.4.34-15.el7.noarch.rpm ppc64le: httpd24-1.1-19.el7.ppc64le.rpm httpd24-httpd-2.4.34-15.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-15.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-15.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-15.el7.ppc64le.rpm httpd24-libnghttp2-1.7.1-8.el7.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-8.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-15.el7.ppc64le.rpm httpd24-mod_md-2.4.34-15.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-15.el7.ppc64le.rpm httpd24-mod_session-2.4.34-15.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-15.el7.ppc64le.rpm httpd24-nghttp2-1.7.1-8.el7.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-8.el7.ppc64le.rpm httpd24-runtime-1.1-19.el7.ppc64le.rpm httpd24-scldevel-1.1-19.el7.ppc64le.rpm s390x: httpd24-1.1-19.el7.s390x.rpm httpd24-httpd-2.4.34-15.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-15.el7.s390x.rpm httpd24-httpd-devel-2.4.34-15.el7.s390x.rpm httpd24-httpd-tools-2.4.34-15.el7.s390x.rpm httpd24-libnghttp2-1.7.1-8.el7.s390x.rpm httpd24-libnghttp2-devel-1.7.1-8.el7.s390x.rpm httpd24-mod_ldap-2.4.34-15.el7.s390x.rpm httpd24-mod_md-2.4.34-15.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-15.el7.s390x.rpm httpd24-mod_session-2.4.34-15.el7.s390x.rpm httpd24-mod_ssl-2.4.34-15.el7.s390x.rpm httpd24-nghttp2-1.7.1-8.el7.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-8.el7.s390x.rpm httpd24-runtime-1.1-19.el7.s390x.rpm httpd24-scldevel-1.1-19.el7.s390x.rpm x86_64: httpd24-1.1-19.el7.x86_64.rpm httpd24-httpd-2.4.34-15.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-15.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-15.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-15.el7.x86_64.rpm httpd24-libnghttp2-1.7.1-8.el7.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-8.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-15.el7.x86_64.rpm httpd24-mod_md-2.4.34-15.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-15.el7.x86_64.rpm httpd24-mod_session-2.4.34-15.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-15.el7.x86_64.rpm httpd24-nghttp2-1.7.1-8.el7.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-8.el7.x86_64.rpm httpd24-runtime-1.1-19.el7.x86_64.rpm httpd24-scldevel-1.1-19.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5): Source: httpd24-1.1-19.el7.src.rpm httpd24-httpd-2.4.34-15.el7.src.rpm httpd24-nghttp2-1.7.1-8.el7.src.rpm noarch: httpd24-httpd-manual-2.4.34-15.el7.noarch.rpm ppc64le: httpd24-1.1-19.el7.ppc64le.rpm httpd24-httpd-2.4.34-15.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-15.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-15.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-15.el7.ppc64le.rpm httpd24-libnghttp2-1.7.1-8.el7.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-8.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-15.el7.ppc64le.rpm httpd24-mod_md-2.4.34-15.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-15.el7.ppc64le.rpm httpd24-mod_session-2.4.34-15.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-15.el7.ppc64le.rpm httpd24-nghttp2-1.7.1-8.el7.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-8.el7.ppc64le.rpm httpd24-runtime-1.1-19.el7.ppc64le.rpm httpd24-scldevel-1.1-19.el7.ppc64le.rpm s390x: httpd24-1.1-19.el7.s390x.rpm httpd24-httpd-2.4.34-15.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-15.el7.s390x.rpm httpd24-httpd-devel-2.4.34-15.el7.s390x.rpm httpd24-httpd-tools-2.4.34-15.el7.s390x.rpm httpd24-libnghttp2-1.7.1-8.el7.s390x.rpm httpd24-libnghttp2-devel-1.7.1-8.el7.s390x.rpm httpd24-mod_ldap-2.4.34-15.el7.s390x.rpm httpd24-mod_md-2.4.34-15.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-15.el7.s390x.rpm httpd24-mod_session-2.4.34-15.el7.s390x.rpm httpd24-mod_ssl-2.4.34-15.el7.s390x.rpm httpd24-nghttp2-1.7.1-8.el7.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-8.el7.s390x.rpm httpd24-runtime-1.1-19.el7.s390x.rpm httpd24-scldevel-1.1-19.el7.s390x.rpm x86_64: httpd24-1.1-19.el7.x86_64.rpm httpd24-httpd-2.4.34-15.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-15.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-15.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-15.el7.x86_64.rpm httpd24-libnghttp2-1.7.1-8.el7.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-8.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-15.el7.x86_64.rpm httpd24-mod_md-2.4.34-15.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-15.el7.x86_64.rpm httpd24-mod_session-2.4.34-15.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-15.el7.x86_64.rpm httpd24-nghttp2-1.7.1-8.el7.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-8.el7.x86_64.rpm httpd24-runtime-1.1-19.el7.x86_64.rpm httpd24-scldevel-1.1-19.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6): Source: httpd24-1.1-19.el7.src.rpm httpd24-httpd-2.4.34-15.el7.src.rpm httpd24-nghttp2-1.7.1-8.el7.src.rpm noarch: httpd24-httpd-manual-2.4.34-15.el7.noarch.rpm ppc64le: httpd24-1.1-19.el7.ppc64le.rpm httpd24-httpd-2.4.34-15.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-15.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-15.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-15.el7.ppc64le.rpm httpd24-libnghttp2-1.7.1-8.el7.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-8.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-15.el7.ppc64le.rpm httpd24-mod_md-2.4.34-15.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-15.el7.ppc64le.rpm httpd24-mod_session-2.4.34-15.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-15.el7.ppc64le.rpm httpd24-nghttp2-1.7.1-8.el7.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-8.el7.ppc64le.rpm httpd24-runtime-1.1-19.el7.ppc64le.rpm httpd24-scldevel-1.1-19.el7.ppc64le.rpm s390x: httpd24-1.1-19.el7.s390x.rpm httpd24-httpd-2.4.34-15.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-15.el7.s390x.rpm httpd24-httpd-devel-2.4.34-15.el7.s390x.rpm httpd24-httpd-tools-2.4.34-15.el7.s390x.rpm httpd24-libnghttp2-1.7.1-8.el7.s390x.rpm httpd24-libnghttp2-devel-1.7.1-8.el7.s390x.rpm httpd24-mod_ldap-2.4.34-15.el7.s390x.rpm httpd24-mod_md-2.4.34-15.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-15.el7.s390x.rpm httpd24-mod_session-2.4.34-15.el7.s390x.rpm httpd24-mod_ssl-2.4.34-15.el7.s390x.rpm httpd24-nghttp2-1.7.1-8.el7.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-8.el7.s390x.rpm httpd24-runtime-1.1-19.el7.s390x.rpm httpd24-scldevel-1.1-19.el7.s390x.rpm x86_64: httpd24-1.1-19.el7.x86_64.rpm httpd24-httpd-2.4.34-15.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-15.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-15.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-15.el7.x86_64.rpm httpd24-libnghttp2-1.7.1-8.el7.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-8.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-15.el7.x86_64.rpm httpd24-mod_md-2.4.34-15.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-15.el7.x86_64.rpm httpd24-mod_session-2.4.34-15.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-15.el7.x86_64.rpm httpd24-nghttp2-1.7.1-8.el7.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-8.el7.x86_64.rpm httpd24-runtime-1.1-19.el7.x86_64.rpm httpd24-scldevel-1.1-19.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7): Source: httpd24-1.1-19.el7.src.rpm httpd24-httpd-2.4.34-15.el7.src.rpm httpd24-nghttp2-1.7.1-8.el7.src.rpm noarch: httpd24-httpd-manual-2.4.34-15.el7.noarch.rpm ppc64le: httpd24-1.1-19.el7.ppc64le.rpm httpd24-httpd-2.4.34-15.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-15.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-15.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-15.el7.ppc64le.rpm httpd24-libnghttp2-1.7.1-8.el7.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-8.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-15.el7.ppc64le.rpm httpd24-mod_md-2.4.34-15.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-15.el7.ppc64le.rpm httpd24-mod_session-2.4.34-15.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-15.el7.ppc64le.rpm httpd24-nghttp2-1.7.1-8.el7.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-8.el7.ppc64le.rpm httpd24-runtime-1.1-19.el7.ppc64le.rpm httpd24-scldevel-1.1-19.el7.ppc64le.rpm s390x: httpd24-1.1-19.el7.s390x.rpm httpd24-httpd-2.4.34-15.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-15.el7.s390x.rpm httpd24-httpd-devel-2.4.34-15.el7.s390x.rpm httpd24-httpd-tools-2.4.34-15.el7.s390x.rpm httpd24-libnghttp2-1.7.1-8.el7.s390x.rpm httpd24-libnghttp2-devel-1.7.1-8.el7.s390x.rpm httpd24-mod_ldap-2.4.34-15.el7.s390x.rpm httpd24-mod_md-2.4.34-15.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-15.el7.s390x.rpm httpd24-mod_session-2.4.34-15.el7.s390x.rpm httpd24-mod_ssl-2.4.34-15.el7.s390x.rpm httpd24-nghttp2-1.7.1-8.el7.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-8.el7.s390x.rpm httpd24-runtime-1.1-19.el7.s390x.rpm httpd24-scldevel-1.1-19.el7.s390x.rpm x86_64: httpd24-1.1-19.el7.x86_64.rpm httpd24-httpd-2.4.34-15.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-15.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-15.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-15.el7.x86_64.rpm httpd24-libnghttp2-1.7.1-8.el7.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-8.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-15.el7.x86_64.rpm httpd24-mod_md-2.4.34-15.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-15.el7.x86_64.rpm httpd24-mod_session-2.4.34-15.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-15.el7.x86_64.rpm httpd24-nghttp2-1.7.1-8.el7.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-8.el7.x86_64.rpm httpd24-runtime-1.1-19.el7.x86_64.rpm httpd24-scldevel-1.1-19.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: httpd24-1.1-19.el7.src.rpm httpd24-httpd-2.4.34-15.el7.src.rpm httpd24-nghttp2-1.7.1-8.el7.src.rpm noarch: httpd24-httpd-manual-2.4.34-15.el7.noarch.rpm x86_64: httpd24-1.1-19.el7.x86_64.rpm httpd24-httpd-2.4.34-15.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-15.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-15.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-15.el7.x86_64.rpm httpd24-libnghttp2-1.7.1-8.el7.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-8.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-15.el7.x86_64.rpm httpd24-mod_md-2.4.34-15.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-15.el7.x86_64.rpm httpd24-mod_session-2.4.34-15.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-15.el7.x86_64.rpm httpd24-nghttp2-1.7.1-8.el7.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-8.el7.x86_64.rpm httpd24-runtime-1.1-19.el7.x86_64.rpm httpd24-scldevel-1.1-19.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-17189 https://access.redhat.com/security/cve/CVE-2018-17199 https://access.redhat.com/security/cve/CVE-2019-0217 https://access.redhat.com/security/cve/CVE-2019-0220 https://access.redhat.com/security/cve/CVE-2019-10092 https://access.redhat.com/security/cve/CVE-2019-10097 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.4_release_notes/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXe9S4NzjgjWX9erEAQisYA/9Gos3/VJKmR1F0wx7jD7vj1Shix4Gky+x oVzbxrZy4XOmXSpStg845TsjOdxEcPpgoKp08uVMpSNb23TtAEZ8OK0BOpQ4YVEq Qjk3r5SbCKFuo0cU2uLsCQG6enqx8qxoEtxLyQkzsHd/e1UCqZVPMRhZIMQls/BN rD5NyPRx4Mlet/PETep7TdLK+eR1N4IjC70o726UvPvT3vJRx4kW7Tu2wAfJPzlK sPo2Rb40C6T7xVdhbxhXzZN0wb46KggVuWUok4LBMeCXeS/meRmJRdyHczMzZdCK uNMQBTKBR19R8iZhcFivcRKL3inbn8bQ6//wiK/M5/iY+zh8WR5R29AepM7laTll 787GRiQeKIk9LngYaYWrxJ5s5EteUEUAiRSnc20K55WuaUCIKrWhlBbVgyXhL1MG NqsAtytojeq91TdFqySKhmTMkTj4ehKF1r0dfrDJxPu5j2Ba76G1/QyiBAPJ+vVs 117bYDdKLRHcxddC0Nki9OHo+Q6ZOD5tY/ia8t7ewh96iWCw6VW4dY1tYU+A6FTv 0GAbgvN4UAJ7GY6/rdYDaRCJGYGr7EeGzyFMo8su00j8/d3gXHV/VtIRQUxSa17o 9XDFCzHZxozlIS9yj7x9AkByoCV3pmIujixwfs0Yg18xtuRMoDrrD1rc5bX/7ZGo ZyjDF+Jm3Wc=YwZ4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce