ALSA-2026:21391

[ALSA-2026:21391] Important: httpd security update

Type:

security

Severity:

important

Release date:

2026-05-29

Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.  

Security Fix(es):  

  * httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data() (CVE-2026-34059)
  * httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check (CVE-2026-34032)
  * httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions (CVE-2026-33857)
  * httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash (CVE-2026-33007)
  * Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	mod_ssl-2.4.62-13.el9_8.1.aarch64.rpm	01e0c8dbe765c72cc5fc3c65924135aa0dda7ef2fb1cc88c493444bb7eef5caa
aarch64	httpd-tools-2.4.62-13.el9_8.1.aarch64.rpm	109533f964f8763f8607d9c6882b5ec60255ed26570b0a1e5c2ad3de014a6c9b
aarch64	mod_session-2.4.62-13.el9_8.1.aarch64.rpm	1c67ff03088f88c3bc8936a7d49b8bd6530dbdf89955490f54e28f76373deb3b
aarch64	httpd-2.4.62-13.el9_8.1.aarch64.rpm	33afcac00b8d8db7d5a2ce2d091ecf0d4f37b4e2f15d63b37ebf822c6fd0d0a8
aarch64	httpd-core-2.4.62-13.el9_8.1.aarch64.rpm	65841aaf23e676a000ab09418e58fe439d0a7aea43279928938626ecfcd3cd11
aarch64	mod_lua-2.4.62-13.el9_8.1.aarch64.rpm	96bc240c849a33d126cc371f6898f04517890d495f4a7938f8ad609a98410d0e
aarch64	mod_proxy_html-2.4.62-13.el9_8.1.aarch64.rpm	c27866f691c7b0becd57c89204c2eb58ccbc73e3bf678c855ea2058c102bbe8e
aarch64	httpd-devel-2.4.62-13.el9_8.1.aarch64.rpm	caa1b34d3b74233cbc1b3beddd405884b470a1fb358907a1768d78c2cab0da04
aarch64	mod_ldap-2.4.62-13.el9_8.1.aarch64.rpm	db1bee9e22375317b904bdffb425b91f9a447285ddd7850d35b79a2047f67476
noarch	httpd-manual-2.4.62-13.el9_8.1.noarch.rpm	e9223dcbdeb90eb5d457d6c73fc637da55357100d817faf8b124cf06fc13e816
noarch	httpd-filesystem-2.4.62-13.el9_8.1.noarch.rpm	f78ac744ce7d15cf7665a6832386ef5c78eff67394972b82c66bd73b689a583c
ppc64le	mod_proxy_html-2.4.62-13.el9_8.1.ppc64le.rpm	071d77414f28c18be16df2f0ce92767849b34403af93247dd2958c9abda160fa
ppc64le	mod_ssl-2.4.62-13.el9_8.1.ppc64le.rpm	15bc07ad4ef44f094450faa5fef79ed206e19229202e282a1676a7f868e49795
ppc64le	httpd-2.4.62-13.el9_8.1.ppc64le.rpm	34bad0e01f1b81cbd71deedd2373144e5f0579e351d7f28160ed14e9330ccb3a
ppc64le	httpd-core-2.4.62-13.el9_8.1.ppc64le.rpm	3c22c19d9c564f67c797d75ec5674791e147a77823cfd4569e76b5d06e5ce94b
ppc64le	httpd-tools-2.4.62-13.el9_8.1.ppc64le.rpm	496e10b7dd046837d9b320d5c9a6bae91e151087373654369413635e72e2a29f
ppc64le	httpd-devel-2.4.62-13.el9_8.1.ppc64le.rpm	6429534cb0978fb91449077c3fc4aaeefcd70c25fb67c9847bf7e4967946e497
ppc64le	mod_lua-2.4.62-13.el9_8.1.ppc64le.rpm	7b424b5dfac8986bc00785fb498332e1176218272836ba5ce8d73fe305e19a00
ppc64le	mod_ldap-2.4.62-13.el9_8.1.ppc64le.rpm	95bdd1bd46448ac38388584ab123a3fa720b655a2ce73bdd32dd59d0a7b7b164
ppc64le	mod_session-2.4.62-13.el9_8.1.ppc64le.rpm	d1632bb2f8675b6902fc2d2917cd11cae3e72757e63e2e3c4a1f55fab67ca4b0
s390x	httpd-core-2.4.62-13.el9_8.1.s390x.rpm	05189f61f3476d2e8e2fe89d85bf8c512862e91748911ff6d968e7dcc4bbfe45
s390x	mod_ssl-2.4.62-13.el9_8.1.s390x.rpm	193f8e7a11203ee18f4dc35898a6c041c604d665e32e832890e20ad6d9b6f94c
s390x	httpd-devel-2.4.62-13.el9_8.1.s390x.rpm	310de1480a6f91479dadd1e1aba51a99c4975b1f6c297efd8a4791f0e5183f26
s390x	mod_lua-2.4.62-13.el9_8.1.s390x.rpm	7883b8b789d54b489b7db82639ea7782b86c3a4e7727a5a8a9a479f573420f1e
s390x	httpd-2.4.62-13.el9_8.1.s390x.rpm	98243ffff072e25992c1046dc0b7015397160c562fa9369ee9f87ff96b503e08
s390x	mod_session-2.4.62-13.el9_8.1.s390x.rpm	a862a365cdd6d2c89b6fc3e4e8c85ab46601e6ef9916dde0f5beb5912025eba3
s390x	mod_proxy_html-2.4.62-13.el9_8.1.s390x.rpm	b5cee4beb0f295f834643cf50d7e91b8ccee126fb32e4058d6b2c22c03b8088a
s390x	mod_ldap-2.4.62-13.el9_8.1.s390x.rpm	b7f0169599ffef00c7f21bcac5f8f04931e1bac4560ab8cf9f63a83b2f0e72d5
s390x	httpd-tools-2.4.62-13.el9_8.1.s390x.rpm	ceab4cee4c9ce8f8418706ed16a3a962d14d5f55faf0ffe637bc51b26a72b869
x86_64	mod_ldap-2.4.62-13.el9_8.1.x86_64.rpm	1665a42b7f94c4fe9583df9080d6a4c00b586bba3a7bcf22ebdd0bf47e3559d9
x86_64	mod_lua-2.4.62-13.el9_8.1.x86_64.rpm	27edc484b2e07080e6fecf6d4c847f611106597f554ee2cd3a67d89cb0a13dec
x86_64	mod_session-2.4.62-13.el9_8.1.x86_64.rpm	2c396038e94e9581c2f90d850c636d92ed7d79d243dff362f9d95bd20effc643
x86_64	httpd-2.4.62-13.el9_8.1.x86_64.rpm	4cfc326215ba8a2b28672a2a185a4653932bcb115b76705ae129e6232115a657
x86_64	httpd-devel-2.4.62-13.el9_8.1.x86_64.rpm	523508fb4f4a8c4d29ebd112bc53e957e62462d0e0609b7ff3fe0ce53d0d2f1e
x86_64	httpd-tools-2.4.62-13.el9_8.1.x86_64.rpm	731b7bdf00263c35ecfd88ef65d4e1de7617819272cbc9f2cf291478db3f7dc8
x86_64	mod_proxy_html-2.4.62-13.el9_8.1.x86_64.rpm	7637fb6ec07c07734430bf56856b12ec163958a807ca5149ed2ae8c072390a49
x86_64	httpd-core-2.4.62-13.el9_8.1.x86_64.rpm	cc280eb8e79d27279f38e2feb6e81703d5dc66f97493914c25c761ffbf334b21
x86_64	mod_ssl-2.4.62-13.el9_8.1.x86_64.rpm	e72caa5b98ab0c5054459808cc40a4f0bacf797ee164f6b5bb64066fbb66b78d

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.