[ALSA-2026:34109] Important: httpd security, bug fix, and enhancement update
Type:
security
Severity:
important
Release date:
2026-07-01
Description:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: incomplete fix for CVE-2023-38709 (CVE-2024-42516) * httpd: NULL pointer dereference via specially crafted request (CVE-2026-29169) * httpd: Apache HTTP Server: Heap-based Buffer Overflow via malicious backend servers (CVE-2026-34356) * httpd: Apache HTTP Server: Buffer Over-read via outbound OCSP requests to attacker-controlled server (CVE-2026-44185) * httpd: Apache HTTP Server: Denial of Service via crafted regular expressions (CVE-2026-44631) * httpd: Apache HTTP Server: Heap-based Buffer Overflow via untrusted content in mod_xml2enc (CVE-2026-42536) * httpd: Apache HTTP Server: Buffer overflow in mod_proxy_html allows security bypass (CVE-2026-34355) Bug Fix(es) and Enhancement(s): * address Moderate severity issues from httpd 2.4.68 [almalinux-10.2.z] (JIRA:AlmaLinux-184518) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 mod_ldap-2.4.63-13.el10_2.4.aarch64.rpm 73aaec40ad393d802255b323d05abab817190a50ac21fcec62296a840e5e6828
aarch64 mod_proxy_html-2.4.63-13.el10_2.4.aarch64.rpm 7702f911f6289c6fbc63f35020c7e78bb6522a7a98f4b7cb97faee50c446bd6f
aarch64 mod_lua-2.4.63-13.el10_2.4.aarch64.rpm 8381f2ef25e4c971456954ff1f45f07de4c7ef32a41a023d094057cb31289473
aarch64 httpd-2.4.63-13.el10_2.4.aarch64.rpm 839bb7c46cfbda8089d7ab22641550451fd0eb8aa183b79356a9b70e5af4ecc2
aarch64 mod_session-2.4.63-13.el10_2.4.aarch64.rpm 913f32f9dc2d86123cd4427cf374b223c29abdeac3243a70e7100bfba1b8c77f
aarch64 httpd-core-2.4.63-13.el10_2.4.aarch64.rpm ad1d95f599958df7e6fbe328beba9855f38f7a511cb7e5816b2a9598e33ffff2
aarch64 httpd-devel-2.4.63-13.el10_2.4.aarch64.rpm b6b95b4bf34c82fb63af257254951b965174664d33a4784e30d32a988fcfab36
aarch64 httpd-tools-2.4.63-13.el10_2.4.aarch64.rpm eb1c741cfb635dde4d65dce20fd6721629add3b703430bc56377825aadded105
aarch64 mod_ssl-2.4.63-13.el10_2.4.aarch64.rpm ec4384668cdc722448a6e8e9d48396a36c0ddea87b65a145ccffa73a3a659323
noarch httpd-filesystem-2.4.63-13.el10_2.4.noarch.rpm 30a9431c19d9b0eaee77dd0b3a9c83a8c8a3a28bd86f1779bae9f85de7bc9f30
noarch httpd-manual-2.4.63-13.el10_2.4.noarch.rpm 5e32be7a095c8c1c4519272d18d660a3422b7a943ac850a731cff5f11027152d
ppc64le mod_lua-2.4.63-13.el10_2.4.ppc64le.rpm 5f0ce47837056b673082124f65459c8169486c0d27f21fe1de44389977fca781
ppc64le mod_ssl-2.4.63-13.el10_2.4.ppc64le.rpm 6c38fb0284a2186191d1b22ebc80b363caf9f4f11700bd8cc67da1dabf03d2fe
ppc64le mod_proxy_html-2.4.63-13.el10_2.4.ppc64le.rpm 7bad418f1466820268c14360b056b95d1c8122b1ac45c2be80123ac3069a4cf8
ppc64le mod_session-2.4.63-13.el10_2.4.ppc64le.rpm 9edbc8752da22adc9145420d106d00f744c54e7231ce627dadfa9e30459e9d20
ppc64le httpd-core-2.4.63-13.el10_2.4.ppc64le.rpm a449a28eb84a81a4303afa4aae8f780c05b05c2b94df3ab065160c1ddd21f50a
ppc64le httpd-tools-2.4.63-13.el10_2.4.ppc64le.rpm c43711ca4d87585f3755fab2db5fb2011dc981e0830f1da99d0469f6a1c7be37
ppc64le httpd-2.4.63-13.el10_2.4.ppc64le.rpm de990119d44ae193a78cdf346d554ec54817534795d6342f95414df66a912a84
ppc64le httpd-devel-2.4.63-13.el10_2.4.ppc64le.rpm e9f8f0170a45e2a0963bec707d6dfd45ddaa9e2dffbbf8465cdddaf089b3f8cb
ppc64le mod_ldap-2.4.63-13.el10_2.4.ppc64le.rpm eb614d1b7a7fc7519de9edad8a228f8e89b8fc81777f6ccfeb0ea59ce64dae8e
s390x mod_session-2.4.63-13.el10_2.4.s390x.rpm 1ea2283dc07624ccd46bb26c063903060d9ed4165f26b21ed16d8d177e4aa4c8
s390x httpd-tools-2.4.63-13.el10_2.4.s390x.rpm 223887e17e6950c6eddf981f206a6d2053829c173f564a30f827f25cd0dc48c9
s390x mod_ldap-2.4.63-13.el10_2.4.s390x.rpm 3d8193b862177d63b16dea066472f6cb7fc551ad7fdcfd37db53fbdc69a1cb5e
s390x mod_lua-2.4.63-13.el10_2.4.s390x.rpm 40bb160b7bb00166da9fbec14af7335d62ad348db1254ee5d73b7d7fe7db6399
s390x httpd-2.4.63-13.el10_2.4.s390x.rpm 5f0593ed0bcd8da3593680807c90f2bac7a40661f2d3a247f0f485095bbb9e96
s390x httpd-devel-2.4.63-13.el10_2.4.s390x.rpm 746ee8715a133ec69257d7f0fe41fae8147a0382966334d12b6d57536b1fa150
s390x mod_ssl-2.4.63-13.el10_2.4.s390x.rpm 8c4233a6eeda0bb9aa9e45c39a51507ca80d3a65a83b85d9e4527999bb5a1bc5
s390x httpd-core-2.4.63-13.el10_2.4.s390x.rpm a949a52d5f0e1adaf425614c691ede07eac85ccc0b4b09d404a7e5478417248a
s390x mod_proxy_html-2.4.63-13.el10_2.4.s390x.rpm b8c6a80235c1612a21a95d1d6e83b6537917effe2369ff84eb2c445a3c383efa
x86_64 mod_lua-2.4.63-13.el10_2.4.x86_64.rpm 04b1ec7b2b14f5e619c6515530a502710dc9d17b2843b2bda588d4b941ce80d6
x86_64 mod_session-2.4.63-13.el10_2.4.x86_64.rpm 6e983fb5b3c48eae5eb9806891adc8bd01399007367f6879dd4250bcd613f62a
x86_64 httpd-core-2.4.63-13.el10_2.4.x86_64.rpm 6fe618c10f1539f09ad9a3dcd28c6ba2792c89388c8b79d5e4cc4c1263c5a592
x86_64 mod_ssl-2.4.63-13.el10_2.4.x86_64.rpm 7e904209f76be48f00d7cf3f2e1da484a7e83219d43c1b0cfcc346b18a330234
x86_64 httpd-tools-2.4.63-13.el10_2.4.x86_64.rpm 8e47adecd11354def1ac92f87a7bea0b31607a42aa0e3389b0b8c5f9e1d8fc0e
x86_64 mod_ldap-2.4.63-13.el10_2.4.x86_64.rpm 956c298478071fc565d7b4fedf42469e7db3f46e58f4e6375a45c2178eb38347
x86_64 httpd-devel-2.4.63-13.el10_2.4.x86_64.rpm cc8067bd0949526415899788ddab5a4c8a9e9fdd20738e1ac595e6f7f735cf5f
x86_64 httpd-2.4.63-13.el10_2.4.x86_64.rpm f072b01be5ef050a8d280d9a86ff2087d7d63481efd6acc35ac0d245c910d944
x86_64 mod_proxy_html-2.4.63-13.el10_2.4.x86_64.rpm f8ba3696c5bcbac939b042557b5307cc356399709f55c000ee17fe5ba1bebab6
x86_64_v2 httpd-2.4.63-13.el10_2.4.x86_64_v2.rpm 0c8068e1fa62e7652c059228ec35a1bc83c6543d7a7a0c89bb29a05edc0fb18d
x86_64_v2 httpd-devel-2.4.63-13.el10_2.4.x86_64_v2.rpm 3bdd366b7547e822654bd67cf36c0a8f7c4ae92486a46e3d015cc76e3fd3af88
x86_64_v2 mod_ssl-2.4.63-13.el10_2.4.x86_64_v2.rpm 4f38e6a427108fce27fb47d7b7d68aa07ea72f9c38b150e3d27a4390af3a2b67
x86_64_v2 mod_ldap-2.4.63-13.el10_2.4.x86_64_v2.rpm 8c589f88ee7ab86e438b4de2c2c31f6c13d9a93127549fa1944ba49390883b3c
x86_64_v2 httpd-core-2.4.63-13.el10_2.4.x86_64_v2.rpm b1cf3d4dd0357a486e67b7ae7f4dd7562e5ae555000f02e591e22476e89db7d1
x86_64_v2 mod_lua-2.4.63-13.el10_2.4.x86_64_v2.rpm e4d8fe3d5d17e449235fc20b7809e2d3e9aad91ffd85edb600343be47b3252cd
x86_64_v2 httpd-tools-2.4.63-13.el10_2.4.x86_64_v2.rpm ea1d92826f861f6341fe6a2995f6e448bebf8b82a57e18fa36b31eac716b30af
x86_64_v2 mod_session-2.4.63-13.el10_2.4.x86_64_v2.rpm f8f5e0c9ec3d3529ca6fe0cc1989239cf6a5df5bd2ac0699f9a90331ddb62717
x86_64_v2 mod_proxy_html-2.4.63-13.el10_2.4.x86_64_v2.rpm fbccc71139e64fd2db3a5ca01e784671494816549e69f17b0cedc7d8da685857
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.