ALSA-2026:21433

[ALSA-2026:21433] Important: httpd security update

Type:

security

Severity:

important

Release date:

2026-05-28

Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.  

Security Fix(es):  

  * httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data() (CVE-2026-34059)
  * httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check (CVE-2026-34032)
  * httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions (CVE-2026-33857)
  * httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash (CVE-2026-33007)
  * Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	mod_session-2.4.63-13.el10_2.1.aarch64.rpm	2fb6b3f5aceecbd68aed58f46a7bd99b92b597e4696c582cb7370074059bc247
aarch64	mod_lua-2.4.63-13.el10_2.1.aarch64.rpm	433743753c1891b145f348c5a5ad2d468436b26d3b792ef4b0debadc30ecf693
aarch64	httpd-tools-2.4.63-13.el10_2.1.aarch64.rpm	4d527a3da87f2f5eb6487b3ad142d06cf6f52c59809279423b7ace40811f4e50
aarch64	mod_ldap-2.4.63-13.el10_2.1.aarch64.rpm	4f825cc287352d491d40f07f8de0b549099ebab9afd58a30b05e5db642f71a96
aarch64	httpd-devel-2.4.63-13.el10_2.1.aarch64.rpm	cfd577c8328c9303f0ea5d763185ca568c186c42795a162c79ca234ff4552ea8
aarch64	httpd-2.4.63-13.el10_2.1.aarch64.rpm	d4784b2c7cca8e0386a163f3fe37dfbfe625fd9e07705acc0d7bbd85c734e3d8
aarch64	httpd-core-2.4.63-13.el10_2.1.aarch64.rpm	ed1e59655e33d4874c1bccdf536dc2276224eb4479e5aa1ab7dfdbb6874c8e5a
aarch64	mod_proxy_html-2.4.63-13.el10_2.1.aarch64.rpm	ef43c65a2bc49e7335c4d42f9e576383fa578d4841258cbbc6fe0bf1502cd2a3
aarch64	mod_ssl-2.4.63-13.el10_2.1.aarch64.rpm	fd13632b15894148ce88d5917c46e6e7fc738c2b54dd09e8bd10175504532c05
noarch	httpd-filesystem-2.4.63-13.el10_2.1.noarch.rpm	e031b93501860443509180fc94ca9fd2f55bb1e5c48013833c3648cf8b45ea9f
noarch	httpd-manual-2.4.63-13.el10_2.1.noarch.rpm	e3cfbdbc5fcf4512653e1a0be2d6396861efc9b9c15498e4543c0fcbc556c07a
ppc64le	httpd-core-2.4.63-13.el10_2.1.ppc64le.rpm	23a52858a4748a4208e89cf5a2826f1a769587e8e0fd1f23c914731d5198a0ba
ppc64le	mod_proxy_html-2.4.63-13.el10_2.1.ppc64le.rpm	271badfadb69a241ea3ebc24388a0e3103b1b63daedf479cf24d845116ab8b42
ppc64le	mod_lua-2.4.63-13.el10_2.1.ppc64le.rpm	2c8cde9149ad404e6ccc36c7a2f7a1aeeacf870b107678959d6f464bbfd75041
ppc64le	mod_ssl-2.4.63-13.el10_2.1.ppc64le.rpm	59c1215a0b451b9cea7c6f8a5abf03a00dabf66fc3171938ba314e67d1f7a61c
ppc64le	httpd-2.4.63-13.el10_2.1.ppc64le.rpm	7bfd4ca746dae74de0b95f7853b31e734e035a5ac205230c63cad9d3ff6857e2
ppc64le	mod_session-2.4.63-13.el10_2.1.ppc64le.rpm	82819633edc7f1acadd44e17840a2df4667d97b5d66101dbdc2223bf74cf1c5d
ppc64le	httpd-devel-2.4.63-13.el10_2.1.ppc64le.rpm	ab8219a747010d6b34bf1c50054cb3aaba634cbdc1fad6f63e331a06f0585384
ppc64le	mod_ldap-2.4.63-13.el10_2.1.ppc64le.rpm	c1bb1a4295df01df26bb44427a3d66273fd1725066daf0c39fbd715079b8fb1f
ppc64le	httpd-tools-2.4.63-13.el10_2.1.ppc64le.rpm	c52caee7c70ac5346d2f0ebc6bff6e0e56134330ea6cfa10f3dc7149a899489d
s390x	httpd-2.4.63-13.el10_2.1.s390x.rpm	1e312bf7b1f2faf0af7162e7fa3cc225f1aeb2c3cee10aa1ef4f59da1cd30fe0
s390x	httpd-tools-2.4.63-13.el10_2.1.s390x.rpm	221c3c5189a5475ca363699ac9dadb48c69567b8b3c0e4904daa64ac5f145fe9
s390x	httpd-core-2.4.63-13.el10_2.1.s390x.rpm	56c608361ddae54c76b46546518470ae869844cf664bbe1ee10d242d2ff94b6b
s390x	mod_session-2.4.63-13.el10_2.1.s390x.rpm	6073a7f35f75b20bbc9a99913fd0bae0deea96f8b5837a20ee3e4121a41197c8
s390x	mod_proxy_html-2.4.63-13.el10_2.1.s390x.rpm	76dfb82d6ac4f3c1d47fd54e6d48f1fa79f2352ff0292398f456fe8fa65393cd
s390x	httpd-devel-2.4.63-13.el10_2.1.s390x.rpm	884ee45aa438095e5331683cabba47564bc776c91d6d9850b4e93f24a7960761
s390x	mod_ldap-2.4.63-13.el10_2.1.s390x.rpm	bbe22201a21aa0deeaf4e796a367201dd38b694ebd1ca3c2b7a4a8165b27c87c
s390x	mod_lua-2.4.63-13.el10_2.1.s390x.rpm	cea3543f5c0f602f9eb8661055f42c9b1f11edca2f1dde7edfc73fa653db55c7
s390x	mod_ssl-2.4.63-13.el10_2.1.s390x.rpm	e8686bd0a8a44651a2d3b7aae5cbd55bf09f0c00b71c3ebf628a831247cb07d2
x86_64	mod_session-2.4.63-13.el10_2.1.x86_64.rpm	120860ade7b76f46ace15e1eeb986321e2a46817639186e50eb873191f75be57
x86_64	httpd-devel-2.4.63-13.el10_2.1.x86_64.rpm	150db8fb127f5cf5220e1772e46aad0d1f9da6b82de35f058551372ce475f2bb
x86_64	httpd-core-2.4.63-13.el10_2.1.x86_64.rpm	24b6219f280d132ead33cd72817118ccb718fa117d81eec5aa870329478394c9
x86_64	mod_ssl-2.4.63-13.el10_2.1.x86_64.rpm	5f339d1c35bd2a0bd6c2f541dd9d6fb125aec4b8c1ea929ee9714490b63e2c98
x86_64	mod_ldap-2.4.63-13.el10_2.1.x86_64.rpm	75ef1e1d559de5181005a673c97ac20e3bd03d01ba82614ba9a5910ee3a4a44c
x86_64	httpd-tools-2.4.63-13.el10_2.1.x86_64.rpm	834c2d11f99fca536a267ed1fdeff9c959fe36b8a9c43312a913470290a3eaa7
x86_64	httpd-2.4.63-13.el10_2.1.x86_64.rpm	8a619b7ae8f396862ce0cb03d8475586fb8f711cb5b43275aec8012c93218bfb
x86_64	mod_proxy_html-2.4.63-13.el10_2.1.x86_64.rpm	91032254f4ff3674293cc553b7be162dce727ff9ca865a4dcfa4f4ff13cd55ff
x86_64	mod_lua-2.4.63-13.el10_2.1.x86_64.rpm	ca537fcd6e9ab70a31f5cf0c775bcee0a536164432e075ce73bd4d3ab5aa29dc
x86_64_v2	httpd-2.4.63-13.el10_2.1.x86_64_v2.rpm	129c9ee3e095ed43cb6ade01d1226eeb5844db78c4743500d57b027dc180f090
x86_64_v2	mod_proxy_html-2.4.63-13.el10_2.1.x86_64_v2.rpm	19d6971fb7800baf481ede41142c5f92f970cd88f17ad5fa6e00477a6975947a
x86_64_v2	mod_session-2.4.63-13.el10_2.1.x86_64_v2.rpm	1fbd563e17c41659eef5c526ada72ed8e1d6dea3e182d4bdb6836d44f7795f79
x86_64_v2	httpd-tools-2.4.63-13.el10_2.1.x86_64_v2.rpm	2c2f07e9cafea27405ec0b31c7af019eb8bd2c212a61bd9f49e40fbfc45b1f7f
x86_64_v2	httpd-core-2.4.63-13.el10_2.1.x86_64_v2.rpm	4e9f7ef72326b37d158bedb9e7ee98a82e9ed30d3b62b4dd74fefc17bdc48f81
x86_64_v2	mod_ssl-2.4.63-13.el10_2.1.x86_64_v2.rpm	535d5f1051507409cabc71361ea90c1ffc442306fd4ccb7001399437ba4f0800
x86_64_v2	mod_ldap-2.4.63-13.el10_2.1.x86_64_v2.rpm	7e2798a6d603d54104a2ac17a16ac390ffa12ab3c223f63cc5568cbb0f93d5de
x86_64_v2	mod_lua-2.4.63-13.el10_2.1.x86_64_v2.rpm	8d75f8a2fda9b4e0d773d0f5b4b01a7ee3ff7ea0fd4607693d001093492669e9
x86_64_v2	httpd-devel-2.4.63-13.el10_2.1.x86_64_v2.rpm	9cd161a7d688fdf71c32af4bfdf39299c1689609291229fb87f6b5cf9b5b3c2d

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.