[ALSA-2025:23919] Important: httpd security update
Type:
security
Severity:
important
Release date:
2026-01-05
Description:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: Apache HTTP Server: CGI environment variable override (CVE-2025-65082) * httpd: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo (CVE-2025-66200) * httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... (CVE-2025-58098) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 mod_session-2.4.62-7.el9_7.3.aarch64.rpm 1afb1b4e073879500d2365d9eea8d0307c79108a37419e2a280842267623555c
aarch64 mod_ssl-2.4.62-7.el9_7.3.aarch64.rpm 27a2ebea0f549a2eee22dd5e22f90d21cfdc892846f9d3d5e00ef6c193c3346a
aarch64 mod_proxy_html-2.4.62-7.el9_7.3.aarch64.rpm 5a964620a59b2b6faf41b0f2173659576772003e795efdb979bc0437d2a37cee
aarch64 httpd-tools-2.4.62-7.el9_7.3.aarch64.rpm a811921a8f50709dc545fb0cf016a179df2708cec8d0ba28f7c4db654098ce7c
aarch64 mod_lua-2.4.62-7.el9_7.3.aarch64.rpm a8dfeba65f3861a57fc2ae7c02b642dfdf5c21129086a45c2452fe1bbc58f25e
aarch64 httpd-2.4.62-7.el9_7.3.aarch64.rpm adda925fd2edfd407a046a05abf0de3138b22af5424dfb1562114ecea8310cef
aarch64 httpd-devel-2.4.62-7.el9_7.3.aarch64.rpm b8ae250145e2f08f7f1c7fe6b044b3db1140a9f615b3ca10aa2cfc2a9d63f731
aarch64 mod_ldap-2.4.62-7.el9_7.3.aarch64.rpm d2adb31433072014851e1aab509d5c11488e3cdb72cb4d0787c37490b5013319
aarch64 httpd-core-2.4.62-7.el9_7.3.aarch64.rpm fa1baea05985d5588d33166fc0dff9cc8e3ae96d7df4386e62a863777ce9f12d
noarch httpd-filesystem-2.4.62-7.el9_7.3.noarch.rpm 010cb3fee1896ff672703724018ae6fe479ebeef8cfe3509d6ed63c9552b2de5
noarch httpd-manual-2.4.62-7.el9_7.3.noarch.rpm 8e21f57b8d986cfef0ebc680e4d3a7b6ecf794d2a233dbcc47db3fbf25cb6534
ppc64le mod_lua-2.4.62-7.el9_7.3.ppc64le.rpm 56d6331fc878ae9e4a5d3e724611829f6cfd03c30cb765a58f73a577793fdbef
ppc64le httpd-devel-2.4.62-7.el9_7.3.ppc64le.rpm 5e8199c4e752d49866eb9f87e3042311de37278ec8cd25760a133ff6b739bbe1
ppc64le mod_proxy_html-2.4.62-7.el9_7.3.ppc64le.rpm 866719e10a1ef5aabdb4f527537a11ed0001cc93c48791d6a72094c2233fcaa0
ppc64le httpd-core-2.4.62-7.el9_7.3.ppc64le.rpm 98e93b96b738b9a09d0d3956ecfa588ad76b1743b36e4dfefced14189945a080
ppc64le mod_ssl-2.4.62-7.el9_7.3.ppc64le.rpm a58804d2d7b066ef74906d38525e2ecfe13d1083a25ddea662241a8aadc2130b
ppc64le httpd-tools-2.4.62-7.el9_7.3.ppc64le.rpm d18dc68cb72c23e9ef31b1782910d27edb65e8d958683111593021577d4fd9fc
ppc64le mod_session-2.4.62-7.el9_7.3.ppc64le.rpm d9b62ad209bee325eef2f9620129dc4b08d6a351f5d20b2a703bd55d569e91fb
ppc64le httpd-2.4.62-7.el9_7.3.ppc64le.rpm dd33bb7d53539502034b7788e1a5c44814fcd3f867c8a5aefde6844f389d201c
ppc64le mod_ldap-2.4.62-7.el9_7.3.ppc64le.rpm df9bd56cf47fcd7b2c31b26f102d758ea305310ef89a56b2f8eb7380b8042293
s390x mod_ssl-2.4.62-7.el9_7.3.s390x.rpm 126b0b83b302973a885b1578a11f0ac4eedffdb61d76616a9c133b8dfba8bfcd
s390x mod_proxy_html-2.4.62-7.el9_7.3.s390x.rpm 463368368bda616e04c4d0d890b2bbfe7324bd5aea4c4e9d9e2db910b6dea32a
s390x mod_session-2.4.62-7.el9_7.3.s390x.rpm 5990fbc1e53a8c399552f3a55dd929ff1ada2e3aa84c2c806a397b7159cbf7ac
s390x mod_ldap-2.4.62-7.el9_7.3.s390x.rpm 9247af13014ca1062627ad9990e7fa17f8fcb661bb112797715223e1b4d00164
s390x mod_lua-2.4.62-7.el9_7.3.s390x.rpm a5d9f3b824d61e96e49da67624567cd0d3bcafec647f359b537c16cc0a62a5b7
s390x httpd-core-2.4.62-7.el9_7.3.s390x.rpm aba3e98003994a5950032293e64c6aa10627782e77a75d4400a0e3c5a91b317c
s390x httpd-2.4.62-7.el9_7.3.s390x.rpm caf742edefccb5461b26d3177955224e9412042c1eac2f888326fbfc0551de95
s390x httpd-tools-2.4.62-7.el9_7.3.s390x.rpm ec287e212f067845017da7f4e9a08c3d513bdc5ff28fd54dcfa703a351131c70
s390x httpd-devel-2.4.62-7.el9_7.3.s390x.rpm ed5d0b92d8eeaa5cf975790f2bc35fd7f75fe8c52198d6a6b1fd54540f94aa58
x86_64 mod_proxy_html-2.4.62-7.el9_7.3.x86_64.rpm 116b8135d1fd5dd23ddb44a7dc1ed43b111c06ef8a16e48dde1a0de90894b4c5
x86_64 httpd-devel-2.4.62-7.el9_7.3.x86_64.rpm 15ef6dc93ae8e18466353581593102b5f830b58e37988a381a99511509b143dc
x86_64 mod_ssl-2.4.62-7.el9_7.3.x86_64.rpm 192332069af5e3c8c757d06755851cc8d30c31b2deee38c36e2b305e1323f54d
x86_64 httpd-2.4.62-7.el9_7.3.x86_64.rpm 2415f37188ea364a99f3dda0b50d9a7e34a51910a30193187e5aeaec3252b07d
x86_64 mod_session-2.4.62-7.el9_7.3.x86_64.rpm 3d27d807ba34cf81f8e30eb6b531212b184fb451049f0ffb382f5bb9493d7d43
x86_64 httpd-core-2.4.62-7.el9_7.3.x86_64.rpm 82804971b03edc6295d874b443e2c54c01df1e97a169539ff3946a2d5c12fdea
x86_64 mod_ldap-2.4.62-7.el9_7.3.x86_64.rpm 83243edc5076ab266e268c59afa1f1ff64ee43efc7a8076914e37a41fdb3b7e1
x86_64 httpd-tools-2.4.62-7.el9_7.3.x86_64.rpm a104ff0a3c656e4141443342d8b61d26ff7d556d2b9158304022ceb8fd4f2e25
x86_64 mod_lua-2.4.62-7.el9_7.3.x86_64.rpm faf75d0f5f28af909cabd0e83127a5f5eb4a187294540f22256f55f8197f94a5
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.