ALSA-2025:15095

[ALSA-2025:15095] Moderate: httpd security update

Type:

security

Severity:

moderate

Release date:

2025-09-03

Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.  

Security Fix(es):  

  * httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252)
  * httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption (CVE-2025-23048)
  * httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
noarch	httpd-filesystem-2.4.63-1.el10_0.2.noarch.rpm	23f6f8235a3f05108a4d571c2d97070cde904bc10c499c19721e36118a0b3cb5
noarch	httpd-manual-2.4.63-1.el10_0.2.noarch.rpm	fa129998bfad24b227f00316175e1a55119eb8a181278169fd59b9353fd8be7f

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.