[ALSA-2026:22140] Important: httpd:2.4 security update
Type:
security
Severity:
important
Release date:
2026-06-03
Description:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020) * httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data() (CVE-2026-34059) * httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check (CVE-2026-34032) * httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions (CVE-2026-33857) * httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash (CVE-2026-33007) * Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 mod_http2-1.15.7-10.module_el8.10.0+4185+0955a0d7.5.aarch64.rpm 19a9e6db6970fa95d84601859dabf030c6a33f432faba74a4a53a35b35932365
aarch64 mod_proxy_html-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.aarch64.rpm 228cb31ae87a066d41e4807cb97da2c4c780a4410ffd803880278a3f52de674c
aarch64 mod_session-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.aarch64.rpm 5b34aba6e487c18f6fc5d8703ad5e193ffd1504e7f6d08a390ae382bfa8925d2
aarch64 mod_ssl-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.aarch64.rpm 5d633225b23cc69175fa0910181f4d9c87808c39967d5db66cea989768d4e257
aarch64 mod_md-2.0.8-8.module_el8.10.0+4088+57f011c1.2.aarch64.rpm 9089a727d04e9e8a6e719c4980ccb7e179a95a0ceda7ac2d69ab335ae0179cd6
aarch64 mod_ldap-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.aarch64.rpm aa0322b6bab61ce3776b67081370e5414b543d41c209a1016502f36445f8860a
aarch64 httpd-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.aarch64.rpm d1d550e035b9baad3937ec2d9fc900eaddb4d0dcf0dac34b19fd246151d1d874
aarch64 httpd-devel-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.aarch64.rpm fdad1f91a577549163e97c4c19114d79e21e466adff105ce997a41b5f7e53334
aarch64 httpd-tools-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.aarch64.rpm fdebf69c1fe30a5c1e288752d560676af62aba44fa49af0633e896c804d9e1e7
noarch httpd-filesystem-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.noarch.rpm 63c091aa5ee7062f5e72f3231ae53c1ca12ed29e6a4c6cc66389bc77e3941451
noarch httpd-manual-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.noarch.rpm dfa8302abbbc38b9c262b97766ca86a2f91da5996375978f6b8726c34a892728
ppc64le mod_ldap-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.ppc64le.rpm 4e653317268a21870cb56381314601da97b8b328901309c5deabbb9e3bd0c6e7
ppc64le mod_session-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.ppc64le.rpm 67922349cc4557ab56fa5ae9ab89cc79ac3140b8fa2027577947cd17e73462e5
ppc64le httpd-tools-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.ppc64le.rpm a9059ca3c14349fda28ba6c447fcf31a2e7b524535671fe1d919b097ac488474
ppc64le mod_md-2.0.8-8.module_el8.10.0+4088+57f011c1.2.ppc64le.rpm ac86f2bf2070a4ae5307d7aa7c99e85dcd02bc0d293c25de3fb8d2a13263e338
ppc64le mod_http2-1.15.7-10.module_el8.10.0+4185+0955a0d7.5.ppc64le.rpm b267d9e6fd094132e66c7ed0686bc985709af0541a478fcf79a818aa64a24783
ppc64le httpd-devel-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.ppc64le.rpm c3885a68bddfd6220b4885fdbfc028077317f6ec22c2da783ea2aad3e7f521a5
ppc64le mod_proxy_html-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.ppc64le.rpm c58929381bc32c606382de6a30c72572177668e7b16a61d530ec0072b1490845
ppc64le httpd-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.ppc64le.rpm e3bc8dcefc2e3467eacdfdef8fe20af9b55e05a60247d92dd344e686993ac908
ppc64le mod_ssl-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.ppc64le.rpm e4645065e2c17e9ddf3e1e3c6bf4277981418ec82ae98ca5ea88750147a3b3bf
s390x httpd-devel-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.s390x.rpm 3b4d209ed4f225bf591ded9dc0066865dee37e4b12b1a24766220f539d019fe3
s390x mod_ssl-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.s390x.rpm 51cb1c6f0c43bbcd8187e7edbb96f22e0cab947773dfd803bfcf529ecd0c62a4
s390x mod_md-2.0.8-8.module_el8.10.0+4088+57f011c1.2.s390x.rpm 51f08f5a2c2c9925c2d8acf5069e109f519302af55ab044dba7de03782591748
s390x mod_http2-1.15.7-10.module_el8.10.0+4185+0955a0d7.5.s390x.rpm 55464cd75f23961160efeddab5913526d94bf29f7cc936646347ac784ce438f9
s390x mod_proxy_html-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.s390x.rpm 6adc6434a89ccfa89f334e15455786a73a2b0c708fb24528a8c6ee7aaa5cbda0
s390x httpd-tools-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.s390x.rpm 76c8ef271a4522a536053e702e49fd9c0ceb10f02fae92fbc2e3466038941595
s390x mod_ldap-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.s390x.rpm c282deb0935dfcd4ce2c2d3604483855e0f24c24822c720a583a258a5b77f9f6
s390x httpd-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.s390x.rpm ca5d236d85f12ded3db89992cca466cdc583a20207fe035e72ae810d7a599e87
s390x mod_session-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.s390x.rpm efc8d69ee706597d51028a0152eb0ffe5de3016b8be8cf80e57767f5b317988e
x86_64 mod_md-2.0.8-8.module_el8.10.0+4088+57f011c1.2.x86_64.rpm 035593075bacc46bb0e52d950bb12cb5cc30744e23799cb27f1962d697ba7e9e
x86_64 mod_session-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.x86_64.rpm 10ece9182c94f4a35d1704f333fec248c3c702c0280d5e2cda990180df139dfa
x86_64 mod_proxy_html-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.x86_64.rpm 25bdc8002a17e54eda22b7d4fb0a1df23be0844cda43a1dd963dda11dc4dceeb
x86_64 mod_ldap-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.x86_64.rpm 515ea78e18ca4f7da4cd1273d18058101faacd78c9078741208e51a21157a18a
x86_64 httpd-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.x86_64.rpm 598ffef471b025dcb13a908c9ae92ffd8747ddab29e3465f50e3473a7ed7f50e
x86_64 mod_http2-1.15.7-10.module_el8.10.0+4185+0955a0d7.5.x86_64.rpm 6131c9290679d5afa88648a84d6c25323c12d41466d573e9e292e26c722af4a3
x86_64 httpd-devel-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.x86_64.rpm 7e70a95affdb519f06689df2c45f09c1d74736f808a72f3e0d35292064100851
x86_64 httpd-tools-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.x86_64.rpm 99f1cdde5fa17d970901e846a6685586274f12278546da6d9d386e3f10897c8a
x86_64 mod_ssl-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.x86_64.rpm f1047dbcb39b31d45917373714ed6a3761bd82fb8a1792e4b60279a0e5e2c7d0
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.