ELSA-2025-15023

Опубликовано: 02 сент. 2025

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2025-15023: httpd security update (MODERATE)

[2.4.62-4.0.1.4]

Replace index.html with Oracle's index page oracle_index.html.

[2.4.62-4.4]

Resolves: RHEL-99949 - CVE-2025-49812 httpd: HTTP Session Hijack via a TLS upgrade

[2.4.62-4.1]

Resolves: RHEL-99972 - CVE-2024-47252 httpd: insufficient escaping of user-supplied data in mod_ssl
Resolves: RHEL-99963 - CVE-2025-23048 httpd: access control bypass by trusted clients is possible using TLS 1.3 session resumption
Resolves: RHEL-102079 - stickysession field does not work when specifying it in the query parameter after upgrade to 9.5

[2.4.62-4]

Resolves: RHEL-66488 - Apache HTTPD no longer parse PHP files with unicode characters in the name

[2.4.62-3]

Resolves: RHEL-68660 - RewriteRule proxying to UDS (unix domain socket) configured in .htaccess doesn't work on httpd-2.4.62-1

[2.4.62-2]

mod_ssl: fix loading keys via ENGINE API Resolves: RHEL-36755

[2.4.62-1]

new version 2.4.62
Resolves: RHEL-52724 - Regression introduced by CVE-2024-38474 fix

[2.4.59-7]

Resolves: RHEL-49856: htcacheclean.service missing [Install] section

[2.4.59-6]

mod_ssl: restore SSL_OP_NO_RENEGOTIATE support Related: RHEL-14668

[2.4.59-5]

mod_ssl: defer ENGINE_finish() calls to a cleanup Resolves: RHEL-36755

[2.4.59-4]

Resolves: RHEL-6575 - [RFE] httpd use systemd-sysusers

[2.4.59-3]

Related: RHEL-14668 - RFE: httpd rebase to 2.4.59

[2.4.59-2]

Resolves: RHEL-35870 - httpd mod_cgi/cgid unification

[2.4.59-1]

new version 2.4.59
Resolves: RHEL-14668 - RFE: httpd rebase to 2.4.59
Resolves: RHEL-31856 - httpd: HTTP response splitting (CVE-2023-38709)
Resolves: RHEL-31859 - httpd: HTTP Response Splitting in multiple modules (CVE-2024-24795)

[2.4.57-8]

mod_xml2enc: fix media type handling Resolves: RHEL-17686
mod_dav: add DavBasePath Resolves: RHEL-6600

[2.4.57-7]

Resolves: RHEL-14447 - httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122)

[2.4.57-6]

Resolves: RHEL-5071 - mod_dav_fs: add DavLockDBType
mod_dav_fs: add global mutex around lockdb interaction

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

httpd

2.4.62-4.0.1.el9_6.4

httpd-core

2.4.62-4.0.1.el9_6.4

httpd-devel

2.4.62-4.0.1.el9_6.4

httpd-filesystem

2.4.62-4.0.1.el9_6.4

httpd-manual

2.4.62-4.0.1.el9_6.4

httpd-tools

2.4.62-4.0.1.el9_6.4

mod_ldap

2.4.62-4.0.1.el9_6.4

mod_lua

2.4.62-4.0.1.el9_6.4

mod_proxy_html

2.4.62-4.0.1.el9_6.4

mod_session

2.4.62-4.0.1.el9_6.4

mod_ssl

2.4.62-4.0.1.el9_6.4

Oracle Linux x86_64

httpd

2.4.62-4.0.1.el9_6.4

httpd-core

2.4.62-4.0.1.el9_6.4

httpd-devel

2.4.62-4.0.1.el9_6.4

httpd-filesystem

2.4.62-4.0.1.el9_6.4

httpd-manual

2.4.62-4.0.1.el9_6.4

httpd-tools

2.4.62-4.0.1.el9_6.4

mod_ldap

2.4.62-4.0.1.el9_6.4

mod_lua

2.4.62-4.0.1.el9_6.4

mod_proxy_html

2.4.62-4.0.1.el9_6.4

mod_session

2.4.62-4.0.1.el9_6.4

mod_ssl

2.4.62-4.0.1.el9_6.4

Связанные CVE

CVE-2024-47252

CVE-2025-49812

CVE-2025-23048

Ссылки на источники

Связанные уязвимости

RLSA-2025:15095

rocky

3 месяца назад

Moderate: httpd security update

RLSA-2025:15023

rocky

2 месяца назад

Moderate: httpd security update

ELSA-2025-15095

oracle-oval

4 месяца назад

ELSA-2025-15095: httpd security update (MODERATE)

RLSA-2025:15123

rocky

3 месяца назад

Moderate: httpd:2.4 security update

ELSA-2025-15123

oracle-oval

4 месяца назад

ELSA-2025-15123: httpd:2.4 security update (MODERATE)