Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update
🔗 CVE IDs covered (23)
📋 Description
CVE-2022-1292 — openssl: c_rehash script allows command injection CVE-2022-2068 — openssl: the c_rehash script allows command injection CVE-2022-22721 — httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody CVE-2022-23943 — httpd: mod_sed: Read/write beyond bounds CVE-2022-26377 — httpd: mod_proxy_ajp: Possible request smuggling CVE-2022-27781 — curl: CERTINFO never-ending busy-loop CVE-2022-28330 — httpd: mod_isapi: out-of-bounds read CVE-2022-28614 — httpd: Out-of-bounds read via ap_rwrite() CVE-2022-28615 — httpd: Out-of-bounds read in ap_strcmp_match() CVE-2022-29824 — libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write CVE-2022-30522 — httpd: mod_sed: DoS vulnerability CVE-2022-31813 — httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism CVE-2022-32206 — curl: HTTP compression denial of service CVE-2022-32207 — curl: Unpreserved file permissions CVE-2022-32208 — curl: FTP-KRB bad message verification CVE-2022-32221 — curl: POST following PUT confusion CVE-2022-35252 — curl: Incorrect handling of control code characters in cookies CVE-2022-37434 — zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field CVE-2022-40303 — libxml2: integer overflows with XML_PARSE_HUGE CVE-2022-40304 — libxml2: dict corruption caused by entity reference cycles CVE-2022-40674 — expat: a use-after-free in the doContent function in xmlparse.c CVE-2022-42915 — curl: HTTP proxy double-free CVE-2022-42916 — curl: HSTS bypass via IDN
🔗 References (26)
- selfhttps://access.redhat.com/errata/RHSA-2022:8841
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2064319
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2064320
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2081494
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2082158
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2082204
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2094997
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2095000
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2095002
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2095006
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2095015
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2095020
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2097310
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2099300
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2099305
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2099306
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2116639
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2120718
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2130769
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2135411
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2135413
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2135416
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2136266
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2136288
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8841.json