Amazon Linux 2023 Security Advisory: ALAS-2024-681
Advisory Release Date: 2024-08-01 04:06 Pacific
Advisory Updated Date: 2024-08-06 15:00 Pacific
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.
Users are recommended to upgrade to version 2.4.62, which fixes this issue. (CVE-2024-40725)
Affected Packages:
httpd
Issue Correction:
Run dnf update httpd --releasever 2023.5.20240805 to update your system.
aarch64:
mod_lua-debuginfo-2.4.62-1.amzn2023.aarch64
httpd-debuginfo-2.4.62-1.amzn2023.aarch64
mod_proxy_html-2.4.62-1.amzn2023.aarch64
httpd-tools-debuginfo-2.4.62-1.amzn2023.aarch64
mod_session-debuginfo-2.4.62-1.amzn2023.aarch64
httpd-tools-2.4.62-1.amzn2023.aarch64
mod_ldap-2.4.62-1.amzn2023.aarch64
httpd-2.4.62-1.amzn2023.aarch64
mod_session-2.4.62-1.amzn2023.aarch64
mod_ldap-debuginfo-2.4.62-1.amzn2023.aarch64
mod_lua-2.4.62-1.amzn2023.aarch64
mod_ssl-2.4.62-1.amzn2023.aarch64
httpd-devel-2.4.62-1.amzn2023.aarch64
mod_ssl-debuginfo-2.4.62-1.amzn2023.aarch64
httpd-debugsource-2.4.62-1.amzn2023.aarch64
mod_proxy_html-debuginfo-2.4.62-1.amzn2023.aarch64
httpd-core-debuginfo-2.4.62-1.amzn2023.aarch64
httpd-core-2.4.62-1.amzn2023.aarch64
noarch:
httpd-filesystem-2.4.62-1.amzn2023.noarch
httpd-manual-2.4.62-1.amzn2023.noarch
src:
httpd-2.4.62-1.amzn2023.src
x86_64:
httpd-devel-2.4.62-1.amzn2023.x86_64
mod_ldap-debuginfo-2.4.62-1.amzn2023.x86_64
httpd-debuginfo-2.4.62-1.amzn2023.x86_64
httpd-debugsource-2.4.62-1.amzn2023.x86_64
mod_proxy_html-debuginfo-2.4.62-1.amzn2023.x86_64
mod_session-2.4.62-1.amzn2023.x86_64
mod_lua-debuginfo-2.4.62-1.amzn2023.x86_64
httpd-tools-debuginfo-2.4.62-1.amzn2023.x86_64
mod_lua-2.4.62-1.amzn2023.x86_64
mod_ldap-2.4.62-1.amzn2023.x86_64
mod_ssl-debuginfo-2.4.62-1.amzn2023.x86_64
mod_proxy_html-2.4.62-1.amzn2023.x86_64
httpd-2.4.62-1.amzn2023.x86_64
mod_ssl-2.4.62-1.amzn2023.x86_64
httpd-tools-2.4.62-1.amzn2023.x86_64
mod_session-debuginfo-2.4.62-1.amzn2023.x86_64
httpd-core-2.4.62-1.amzn2023.x86_64
httpd-core-debuginfo-2.4.62-1.amzn2023.x86_64