[ALSA-2025:23932] Important: httpd security update
Type:
security
Severity:
important
Release date:
2025-12-23
Description:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: Apache HTTP Server: CGI environment variable override (CVE-2025-65082) * httpd: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo (CVE-2025-66200) * httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... (CVE-2025-58098) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 httpd-core-2.4.63-4.el10_1.3.aarch64.rpm 66736009297b5ee9ae9fef242942a141d8ff0da5f82e2a46a8ff27b588e3beb3
aarch64 httpd-2.4.63-4.el10_1.3.aarch64.rpm 8c212f401a3f9204e69eea656e1e25ae8670dad1c3d5a9f8c986586c8fb8f4ec
aarch64 httpd-devel-2.4.63-4.el10_1.3.aarch64.rpm 97e0e2428ace7c1d1213bb693b3be5ad223b2e5b385b93f73558ed249a237355
noarch httpd-filesystem-2.4.63-4.el10_1.3.noarch.rpm f320ff587a4fcd09a925bec9c40e35d269b63143948e6d12c7074adaa47577f9
ppc64le httpd-2.4.63-4.el10_1.3.ppc64le.rpm 27bf3b6577e3fa35598d8fa7e3bd1877005e2c510ba4dafc7e92d9a01b006926
ppc64le httpd-core-2.4.63-4.el10_1.3.ppc64le.rpm 560d869828c33d7255530a805071f489bc972fd2a121c70f9067547a7f2b421d
ppc64le httpd-devel-2.4.63-4.el10_1.3.ppc64le.rpm f8eefffe718730dd753a58d960df6b1c2c1f08ce470ba9a58d9a922c5bab812b
s390x httpd-core-2.4.63-4.el10_1.3.s390x.rpm c70ceaa761b885412ad80575698cd43d2bf48c49eec6b029e54be3e3fc79b725
s390x httpd-devel-2.4.63-4.el10_1.3.s390x.rpm c7a43c1788fbd1fe88b351e07da551a7add5ed5de637307fd302641ce305352c
s390x httpd-2.4.63-4.el10_1.3.s390x.rpm fb4eaefc42bc82a23b06b48a57e117e60328231786e1f024fc2cf14ce96d03cb
x86_64 httpd-core-2.4.63-4.el10_1.3.x86_64.rpm 4aac8aea901f87de58e4f74513db7e4efc5597dcf5fc591c6094f249daa52d9a
x86_64 httpd-2.4.63-4.el10_1.3.x86_64.rpm b805da9beff1af0447a96d99817f638ab0c991b6ed677f214d2ad9ad93eee927
x86_64_v2 httpd-core-2.4.63-4.el10_1.3.x86_64_v2.rpm d4a1a5032f7ac2b5e9d0f68c65e5bed146ac896e1c049a82d31ede1c7851c278
x86_64_v2 httpd-2.4.63-4.el10_1.3.x86_64_v2.rpm e3101bb74be671f52e5ee2f179ccef0653f87528edf0bc98c87c8881ae6303b3
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.