ALSA-2025:15023

[ALSA-2025:15023] Moderate: httpd security update

Type:

security

Severity:

moderate

Release date:

2025-09-29

Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.  

Security Fix(es):  

  * httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252)
  * httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption (CVE-2025-23048)
  * httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	mod_lua-2.4.62-4.el9_6.4.aarch64.rpm	2f99e9619ba30f6a28828697299aa5452f8be658f08b51bc1471c005a7718b09
aarch64	mod_proxy_html-2.4.62-4.el9_6.4.aarch64.rpm	55e5b99c2512f04cda8a1e189fd5fcf12a4cb43d8ea1011f671840eccc41ce70
aarch64	mod_ldap-2.4.62-4.el9_6.4.aarch64.rpm	69fbe0c8dff01df996304f641fd2a32dfcb6b221bfa8db93a028ec8dfd5dd2a0
aarch64	httpd-tools-2.4.62-4.el9_6.4.aarch64.rpm	724e6e9380b4f7ff3ccb302d31a8c96d1c13c2dfd94759f5904a1e8fbfb71b5d
aarch64	httpd-core-2.4.62-4.el9_6.4.aarch64.rpm	7adea2c58dbf3171c13847ac99ba117cadb516f023c8316a263ad94eb1bcbeea
aarch64	httpd-2.4.62-4.el9_6.4.aarch64.rpm	7f78a0f58cc33f53dd70939a15a64011fcef156545e1dc6ed25cf2b23dfeb06e
aarch64	mod_session-2.4.62-4.el9_6.4.aarch64.rpm	8cc7706a9a3f27cbcbcae5ec9bf98605cf1ef487538f8e91aa08d8dcf5741821
aarch64	mod_ssl-2.4.62-4.el9_6.4.aarch64.rpm	a245cf1af9cb2a7dcf64adf5fd5b5cee030e7489ab6a2446add1d1a2c205fcd4
aarch64	httpd-devel-2.4.62-4.el9_6.4.aarch64.rpm	e73cf0152a0790e7f517ffcc6ba1de6b8125651b7f16659c7e428988653c6c3c
noarch	httpd-filesystem-2.4.62-4.el9_6.4.noarch.rpm	8a61d14555bc458fa6ecf403c1ebda681a2579c804a35b06d1869023ceec8fea
noarch	httpd-manual-2.4.62-4.el9_6.4.noarch.rpm	fcee105be359c4724e4569d741834f7c7e9142cba4d0d18ccc9cb4bd8a440e92
ppc64le	httpd-devel-2.4.62-4.el9_6.4.ppc64le.rpm	07d2202b3dd0152fabf4cbeb363e94bf4c77e3696cb4fc8727566b3bf138346d
ppc64le	mod_lua-2.4.62-4.el9_6.4.ppc64le.rpm	6b3a61ee016ebc52ad12e2cdfd3408520a8a20b05d7acfe85b4c96f349a14994
ppc64le	mod_session-2.4.62-4.el9_6.4.ppc64le.rpm	a2c21eb084acca8b890bb2d3e10a96ce6f49d93c4f5ad6c77d8181c9cbbbbdee
ppc64le	mod_proxy_html-2.4.62-4.el9_6.4.ppc64le.rpm	a99a9e2addaa5d9fb257594d41e28222959f403ba72d16db69392dd34a406593
ppc64le	httpd-core-2.4.62-4.el9_6.4.ppc64le.rpm	adb31c1b4f6b6f4cfda088c0178a1013ca0d5de3303f9798555dac0053849dbb
ppc64le	httpd-tools-2.4.62-4.el9_6.4.ppc64le.rpm	b8241e73adf9440194dc178a3c5323d553bbf5e5dffb617bdbfe9883759238f6
ppc64le	mod_ssl-2.4.62-4.el9_6.4.ppc64le.rpm	be9772374b5d94bc5e55ca3f0a2f9a3dcc7d4eefdc7495697e074bf2ce4277ad
ppc64le	mod_ldap-2.4.62-4.el9_6.4.ppc64le.rpm	bf6cf0cc22f6f149d2e61ea007cc2a04b774c6190cf5ee7d0ea024953c2ee71c
ppc64le	httpd-2.4.62-4.el9_6.4.ppc64le.rpm	fd195b417437fc62cc32defcd0a1f29963edbd4b6182da75df3d7ad1e11200e2
s390x	mod_proxy_html-2.4.62-4.el9_6.4.s390x.rpm	0f5a8c505888249213c36b3c63f020c517859aeb765dc06994c749ef90dfaadb
s390x	httpd-tools-2.4.62-4.el9_6.4.s390x.rpm	16354127af3a7b447d5f2a658a5852d589e10c26096cb2ba01d73d09111e305a
s390x	httpd-core-2.4.62-4.el9_6.4.s390x.rpm	710d3a57e6e36f1ea1ee0a6f94f26c91b674f1708e4847955e3d9f7dc387e3b7
s390x	httpd-devel-2.4.62-4.el9_6.4.s390x.rpm	c77d7a81660ae054da11bbe47a4013014ba18bce5874a6ea98ea87881b6ba0b8
s390x	mod_session-2.4.62-4.el9_6.4.s390x.rpm	ca72c37b994d25f5bd6250088fb4581d6e47cedca98c290a41fc351b8c5b06e4
s390x	mod_lua-2.4.62-4.el9_6.4.s390x.rpm	dbdaf26da2e48b8f5cb52c791d1341264db917bea230433a9a988124fc2c22ee
s390x	mod_ssl-2.4.62-4.el9_6.4.s390x.rpm	dcad365e17d694f49ce685e300d523f7e87004090524bec45209fb47dbf12ccd
s390x	httpd-2.4.62-4.el9_6.4.s390x.rpm	dcfb7e0c95e08d78a50fb69ed6b4e9b3c218fd277c244c6edaa586e112ef4c47
s390x	mod_ldap-2.4.62-4.el9_6.4.s390x.rpm	f0f2d455cc008ba65dff62388b88dee738eb2493dfe79c4204d608c01c97b770
x86_64	mod_proxy_html-2.4.62-4.el9_6.4.x86_64.rpm	0ba459410056a271debfecf36144c585af65841509e8430403236b4993ea130c
x86_64	httpd-devel-2.4.62-4.el9_6.4.x86_64.rpm	17d004825bfa51d27ca9d7c9e9d08562d23a467f800c8f0b186a6ed29d2ab02e
x86_64	mod_lua-2.4.62-4.el9_6.4.x86_64.rpm	48a2242aac6625cdc118b4eff364806ab91c18797aaa8d1794b367a57ff9fc41
x86_64	httpd-tools-2.4.62-4.el9_6.4.x86_64.rpm	57edbf57562ad0dc47dce8c70f9bde011392ee921a553e5a44f8d14e86f01e73
x86_64	mod_session-2.4.62-4.el9_6.4.x86_64.rpm	9cd3e8d67261a2edc0c494b2a6a2dd38d866e8b5c823f7c38ff335a4781f1865
x86_64	mod_ssl-2.4.62-4.el9_6.4.x86_64.rpm	c32288ed553f0bc3db5e04fdfcfea118b1732c9b95f844acdd451a520d2a8ecc
x86_64	httpd-2.4.62-4.el9_6.4.x86_64.rpm	c5b58f3c3024c739b69a35c5d020abf5509fce01e2368a6ca28476faac781a85
x86_64	httpd-core-2.4.62-4.el9_6.4.x86_64.rpm	d9e821bc6f085bb2677c49d35f52b15bfb83bfbea818881b4247c6e9a41c5c58
x86_64	mod_ldap-2.4.62-4.el9_6.4.x86_64.rpm	df37fc835f7436d0f30a7ff7c1a2e4500fc51129d26cd874425754f6d296c4c7

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.