(RHSA-2020:3714) Important: httpd:2.4 security update

2020-09-1012:36:30

access.redhat.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.006 Low

EPSS

Percentile

78.6%

JSON

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

httpd: Push diary crash on specifically crafted HTTP/2 header (CVE-2020-9490)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanys390xhttpd-tools-debuginfo< 2.4.37-21.module+el8.2.0+5008+cca404a3httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+5008+cca404a3.s390x.rpm
RedHatanys390xmod_md-debuginfo< 2.0.8-7.module+el8.2.0+5531+7e4d69a2mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.s390x.rpm
RedHatanyppc64lemod_proxy_html< 2.4.37-21.module+el8.2.0+5008+cca404a3mod_proxy_html-2.4.37-21.module+el8.2.0+5008+cca404a3.ppc64le.rpm
RedHatanyx86_64httpd-devel< 2.4.37-21.module+el8.2.0+5008+cca404a3httpd-devel-2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64.rpm
RedHatanys390xmod_http2< 1.11.3-3.module+el8.2.0+7758+84b4ca3e.1mod_http2-1.11.3-3.module+el8.2.0+7758+84b4ca3e.1.s390x.rpm
RedHatanynoarchhttpd-filesystem< 2.4.37-21.module+el8.2.0+5008+cca404a3httpd-filesystem-2.4.37-21.module+el8.2.0+5008+cca404a3.noarch.rpm
RedHatanyppc64lemod_proxy_html-debuginfo< 2.4.37-21.module+el8.2.0+5008+cca404a3mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+5008+cca404a3.ppc64le.rpm
RedHatanys390xmod_ldap< 2.4.37-21.module+el8.2.0+5008+cca404a3mod_ldap-2.4.37-21.module+el8.2.0+5008+cca404a3.s390x.rpm
RedHatanyaarch64httpd-debugsource< 2.4.37-21.module+el8.2.0+5008+cca404a3httpd-debugsource-2.4.37-21.module+el8.2.0+5008+cca404a3.aarch64.rpm
RedHatanyaarch64mod_http2< 1.11.3-3.module+el8.2.0+7758+84b4ca3e.1mod_http2-1.11.3-3.module+el8.2.0+7758+84b4ca3e.1.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	s390x	httpd-tools-debuginfo	< 2.4.37-21.module+el8.2.0+5008+cca404a3	httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+5008+cca404a3.s390x.rpm
RedHat	any	s390x	mod_md-debuginfo	< 2.0.8-7.module+el8.2.0+5531+7e4d69a2	mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.s390x.rpm
RedHat	any	ppc64le	mod_proxy_html	< 2.4.37-21.module+el8.2.0+5008+cca404a3	mod_proxy_html-2.4.37-21.module+el8.2.0+5008+cca404a3.ppc64le.rpm
RedHat	any	x86_64	httpd-devel	< 2.4.37-21.module+el8.2.0+5008+cca404a3	httpd-devel-2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64.rpm
RedHat	any	s390x	mod_http2	< 1.11.3-3.module+el8.2.0+7758+84b4ca3e.1	mod_http2-1.11.3-3.module+el8.2.0+7758+84b4ca3e.1.s390x.rpm
RedHat	any	noarch	httpd-filesystem	< 2.4.37-21.module+el8.2.0+5008+cca404a3	httpd-filesystem-2.4.37-21.module+el8.2.0+5008+cca404a3.noarch.rpm
RedHat	any	ppc64le	mod_proxy_html-debuginfo	< 2.4.37-21.module+el8.2.0+5008+cca404a3	mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+5008+cca404a3.ppc64le.rpm
RedHat	any	s390x	mod_ldap	< 2.4.37-21.module+el8.2.0+5008+cca404a3	mod_ldap-2.4.37-21.module+el8.2.0+5008+cca404a3.s390x.rpm
RedHat	any	aarch64	httpd-debugsource	< 2.4.37-21.module+el8.2.0+5008+cca404a3	httpd-debugsource-2.4.37-21.module+el8.2.0+5008+cca404a3.aarch64.rpm
RedHat	any	aarch64	mod_http2	< 1.11.3-3.module+el8.2.0+7758+84b4ca3e.1	mod_http2-1.11.3-3.module+el8.2.0+7758+84b4ca3e.1.aarch64.rpm