[ALSA-2025:23732] Important: httpd:2.4 security update
Type:
security
Severity:
important
Release date:
2025-12-22
Description:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: Apache HTTP Server: CGI environment variable override (CVE-2025-65082) * mod_md: Apache HTTP Server: mod_md (ACME), unintended retry intervals (CVE-2025-55753) * httpd: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo (CVE-2025-66200) * httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... (CVE-2025-58098) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 mod_session-2.4.37-65.module_el8.10.0+4088+57f011c1.7.aarch64.rpm 097fb65709b0fefc1fadf71e9048d93c741b058b8ac190186e47a0a39aa546c4
aarch64 httpd-2.4.37-65.module_el8.10.0+4088+57f011c1.7.aarch64.rpm 3c126868fbacad93b1de3ea9814cd70e6ebff850df0086a9c44a3503a1465557
aarch64 mod_proxy_html-2.4.37-65.module_el8.10.0+4088+57f011c1.7.aarch64.rpm 424305dd99b9c0805a533b6dafc7a253e54ed2419ceb76e97d99e6f1fc624f64
aarch64 httpd-tools-2.4.37-65.module_el8.10.0+4088+57f011c1.7.aarch64.rpm 80437b479fe4a9ef4073e5ba6b9a3d88b33441257417495e209d52fccbf333df
aarch64 mod_http2-1.15.7-10.module_el8.10.0+4044+ea5f78b1.4.aarch64.rpm 865044e5e6c9dba8e101d2f1395e47488bf3bdf7f7de4804f0cdb29dab9758fb
aarch64 mod_md-2.0.8-8.module_el8.10.0+4088+57f011c1.2.aarch64.rpm 9089a727d04e9e8a6e719c4980ccb7e179a95a0ceda7ac2d69ab335ae0179cd6
aarch64 httpd-devel-2.4.37-65.module_el8.10.0+4088+57f011c1.7.aarch64.rpm a6b6ac9e73ede16bf922f2f951365db0ad391d4616f6514d59f31abcb8d526f2
aarch64 mod_ssl-2.4.37-65.module_el8.10.0+4088+57f011c1.7.aarch64.rpm d4f20f4da4104daa39f56c34077c799f6cb445a9cb631858363f9c6a619e9132
aarch64 mod_ldap-2.4.37-65.module_el8.10.0+4088+57f011c1.7.aarch64.rpm f237ab5542de510549d26610e6694ab95689f49ef8e86fc87d4e861cccf7e54d
noarch httpd-manual-2.4.37-65.module_el8.10.0+4088+57f011c1.7.noarch.rpm 66aad599ee6b2b82d20c0af2151df33ae8201461913c2658de082e0e2d85e3fa
noarch httpd-filesystem-2.4.37-65.module_el8.10.0+4088+57f011c1.7.noarch.rpm c2356486b1c0563766b508a9cb299929756c245b99c6ca4b72d37b99513ea809
ppc64le mod_ldap-2.4.37-65.module_el8.10.0+4088+57f011c1.7.ppc64le.rpm 0f8c0eeaf0596ba8467b91d249d49146ad3b249dd88470c41c1c312d83afa1d1
ppc64le mod_proxy_html-2.4.37-65.module_el8.10.0+4088+57f011c1.7.ppc64le.rpm 1f4f6647e38293048286a703e509b2873149d702dd5a6ceb3f0bfbb2bc4d1e8b
ppc64le mod_session-2.4.37-65.module_el8.10.0+4088+57f011c1.7.ppc64le.rpm 32241d05b4a5274a4a9d2b784e131850ed79062b6a391d8e5fa5770950cd466b
ppc64le httpd-devel-2.4.37-65.module_el8.10.0+4088+57f011c1.7.ppc64le.rpm 34e05edadf530c71ba9f72edc785ae3d56ba980c9af7a44cc68ba6efd3d8aaed
ppc64le httpd-tools-2.4.37-65.module_el8.10.0+4088+57f011c1.7.ppc64le.rpm 40ca7a69cd492ae100ea6a5b0afdc61564f33625067b4565072aa940b93a4de2
ppc64le mod_http2-1.15.7-10.module_el8.10.0+4044+ea5f78b1.4.ppc64le.rpm 82cdbc3411df01035b444787373839b456d0a6c7e4afbd230e8fdb93d19003f4
ppc64le mod_md-2.0.8-8.module_el8.10.0+4088+57f011c1.2.ppc64le.rpm ac86f2bf2070a4ae5307d7aa7c99e85dcd02bc0d293c25de3fb8d2a13263e338
ppc64le httpd-2.4.37-65.module_el8.10.0+4088+57f011c1.7.ppc64le.rpm d46590420ddb2ca189e88df6cd3fdb4e0878cb75c5dc236b5362a52c6fba746f
ppc64le mod_ssl-2.4.37-65.module_el8.10.0+4088+57f011c1.7.ppc64le.rpm ea17e22bda0cd763441acb77bfa36a3cc2a6cc8d49c9b90f8389666278729e33
s390x httpd-2.4.37-65.module_el8.10.0+4088+57f011c1.7.s390x.rpm 1e16a73454f742c7b6c3541127a26602c93e3ca406eff9a064949a2e41eb99e8
s390x mod_session-2.4.37-65.module_el8.10.0+4088+57f011c1.7.s390x.rpm 2710f5aaf78994bbb556fd1e7d80b06d7effddd993c0bb68d5c5c363ed0c3019
s390x httpd-devel-2.4.37-65.module_el8.10.0+4088+57f011c1.7.s390x.rpm 3ed139a66773bc19fe3d19574d19d31bee0ce92d8fb854f51df5a82700332776
s390x mod_md-2.0.8-8.module_el8.10.0+4088+57f011c1.2.s390x.rpm 51f08f5a2c2c9925c2d8acf5069e109f519302af55ab044dba7de03782591748
s390x httpd-tools-2.4.37-65.module_el8.10.0+4088+57f011c1.7.s390x.rpm 5cd805f2f1c9a26cdc743afb0f0918a2b41d6304873cb84259ac976330bf1f2e
s390x mod_ssl-2.4.37-65.module_el8.10.0+4088+57f011c1.7.s390x.rpm 608ed24ac3c8ceec4269a99317e790ce44876fcaa46b03870265857682e66ecd
s390x mod_ldap-2.4.37-65.module_el8.10.0+4088+57f011c1.7.s390x.rpm 7937040e464919b165d49ea393e28ec3a1462b5f849708172d5a57f7565fb8c5
s390x mod_http2-1.15.7-10.module_el8.10.0+4044+ea5f78b1.4.s390x.rpm c256308658c159f70e495ea8a5dfa7994ef785ec39c4cd04bc1240252e901c16
s390x mod_proxy_html-2.4.37-65.module_el8.10.0+4088+57f011c1.7.s390x.rpm f66777dc1d939f9fadd2bdfbc39ea543715e40e38aa7297d3114adbd351cfcfb
x86_64 mod_md-2.0.8-8.module_el8.10.0+4088+57f011c1.2.x86_64.rpm 035593075bacc46bb0e52d950bb12cb5cc30744e23799cb27f1962d697ba7e9e
x86_64 mod_ldap-2.4.37-65.module_el8.10.0+4088+57f011c1.7.x86_64.rpm 1a5f0b47ccec27a31104897334bb0858732ff69c0f2e9c72c29b6215f30c483b
x86_64 mod_ssl-2.4.37-65.module_el8.10.0+4088+57f011c1.7.x86_64.rpm 2ed094a742023ad95aab01412ba53b3515656562d860daf6fe7300771557cd76
x86_64 httpd-2.4.37-65.module_el8.10.0+4088+57f011c1.7.x86_64.rpm 75542eee670138a9f7c18f70bf100f8122bf1aa6b123937856719101009fe2dc
x86_64 mod_session-2.4.37-65.module_el8.10.0+4088+57f011c1.7.x86_64.rpm 8e6023e5ec7b7966022780584bf08fc20a03e02e2ab843f8d9b5eb69dcc8fce5
x86_64 httpd-tools-2.4.37-65.module_el8.10.0+4088+57f011c1.7.x86_64.rpm 8f2fbd676649247891123713491eebaf8bcc738af1352866901bdad5a521dff5
x86_64 mod_http2-1.15.7-10.module_el8.10.0+4044+ea5f78b1.4.x86_64.rpm 8f88e32a99b0d4cca92d6ed736e2a2cfe93f09712cf469a321d0f56fb7b4c541
x86_64 httpd-devel-2.4.37-65.module_el8.10.0+4088+57f011c1.7.x86_64.rpm e172e2526aa3c0587ec06b866ae829a3157189b7d042ae25a8c181eeac451a86
x86_64 mod_proxy_html-2.4.37-65.module_el8.10.0+4088+57f011c1.7.x86_64.rpm e184a2bc8f7acbf050704668436b3494c29aeec8128c30c1c51c68ead8db8a38
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.