CVE-2022-28614
Description
Moderate: httpd security, bug fix, and enhancement update
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Description httpd: Out-of-bounds read via ap_rwrite() CVSS v3: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) Errata / fixed releases ProductPackageAdvisoryReleased JBoss Core Services for RHEL 8jbcs-httpd24-httpd-0:2.4.51-37.el8jbcsRHSA-2022:88402022-12-08T00:00:00Z JBoss Core Services on RHEL 7jbcs-httpd24-httpd-0:2.4.51-37.el7jbcsRHSA-2022:88402022-12-08T00:00:00Z Red Hat Enterprise Linuxβ¦
Description
httpd: Out-of-bounds read via ap_rwrite()
CVSS v3: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| JBoss Core Services for RHEL 8 | jbcs-httpd24-httpd-0:2.4.51-37.el8jbcs | RHSA-2022:8840 | 2022-12-08T00:00:00Z |
| JBoss Core Services on RHEL 7 | jbcs-httpd24-httpd-0:2.4.51-37.el7jbcs | RHSA-2022:8840 | 2022-12-08T00:00:00Z |
| Red Hat Enterprise Linux 8 | httpd:2.4-8070020220725152258.3b9f49c4 | RHSA-2022:7647 | 2022-11-08T00:00:00Z |
| Red Hat Enterprise Linux 9 | httpd-0:2.4.53-7.el9 | RHSA-2022:8067 | 2022-11-15T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | httpd24-httpd-0:2.4.34-23.el7.5 | RHSA-2022:6753 | 2022-09-29T00:00:00Z |
| Text-Only JBCS | | RHSA-2022:8841 | 2022-12-08T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | httpd | Out of support scope |
| Red Hat Enterprise Linux 7 | httpd | Out of support scope |
| Red Hat JBoss Enterprise Application Platform 6 | httpd22 | Out of support scope |
| Red Hat JBoss Web Server 3 | httpd24 | Fix deferred |
Apply commands
yum update -y jbcs-httpd24-httpd
# or:
dnf upgrade -y jbcs-httpd24-httpdOS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| β | Affected | β |
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | httpd-manual-2.4.53-7.el9.noarch.rpm |
Arch Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| β | Fixed | 2.4.54-1 |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 2.4.54-1 |
| sid | Fixed | 2.4.54-1 |
| forky | Fixed | 2.4.54-1 |
| bullseye | Fixed | 2.4.54-1~deb11u1 |
| bookworm | Fixed | 2.4.54-1 |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | β |
| 8 | Fixed | β |
Rocky Linux Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | β |
| 8 | Fixed | β |
References
- https://security-tracker.debian.org/tracker/CVE-2022-28614
- https://access.redhat.com/errata/RHSA-2022:8067
- https://errata.rockylinux.org/RLSA-2022:7647
- https://www.suse.com/security/cve/CVE-2022-28614.html
- https://errata.rockylinux.org/RLSA-2022:8067
- https://access.redhat.com/errata/RHSA-2022:7647
- https://bugzilla.redhat.com/2064319
- https://bugzilla.redhat.com/2064320
- https://bugzilla.redhat.com/2064322
- https://bugzilla.redhat.com/2094997
- https://bugzilla.redhat.com/2095002
- https://bugzilla.redhat.com/2095006
- https://bugzilla.redhat.com/2095012
- https://bugzilla.redhat.com/2095015
- https://bugzilla.redhat.com/2095018
- https://bugzilla.redhat.com/2095020
- https://errata.almalinux.org/8/ALSA-2022-7647.html
- https://errata.almalinux.org/9/ALSA-2022-8067.html
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.