Описание
ELSA-2025-23919: httpd security update (IMPORTANT)
[2.4.62-7.0.1.3]
- Replace index.html with Oracle's index page oracle_index.html.
[2.4.62-7.3]
- Resolves: RHEL-135063 - httpd: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo (CVE-2025-66200)
- Resolves: RHEL-135048 - httpd: Apache HTTP Server: CGI environment variable override (CVE-2025-65082)
- Resolves: RHEL-134480 - httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... (CVE-2025-58098)
[2.4.62-7.2]
- Resolves: RHEL-123850 - mod_proxy_hcheck may stop healthchecks after a child process is reclaimed
[2.4.62-7.1]
- Resolves: RHEL-125884 - mod_ssl: allow more fine grained SSL SNI vhost check to avoid unnecessary 421 errors after CVE-2025-23048 fix
- mod_ssl: add conf.d/snipolicy.conf to set 'SSLVHostSNIPolicy authonly' default
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
httpd
2.4.62-7.0.1.el9_7.3
httpd-core
2.4.62-7.0.1.el9_7.3
httpd-devel
2.4.62-7.0.1.el9_7.3
httpd-filesystem
2.4.62-7.0.1.el9_7.3
httpd-manual
2.4.62-7.0.1.el9_7.3
httpd-tools
2.4.62-7.0.1.el9_7.3
mod_ldap
2.4.62-7.0.1.el9_7.3
mod_lua
2.4.62-7.0.1.el9_7.3
mod_proxy_html
2.4.62-7.0.1.el9_7.3
mod_session
2.4.62-7.0.1.el9_7.3
mod_ssl
2.4.62-7.0.1.el9_7.3
Oracle Linux x86_64
httpd
2.4.62-7.0.1.el9_7.3
httpd-core
2.4.62-7.0.1.el9_7.3
httpd-devel
2.4.62-7.0.1.el9_7.3
httpd-filesystem
2.4.62-7.0.1.el9_7.3
httpd-manual
2.4.62-7.0.1.el9_7.3
httpd-tools
2.4.62-7.0.1.el9_7.3
mod_ldap
2.4.62-7.0.1.el9_7.3
mod_lua
2.4.62-7.0.1.el9_7.3
mod_proxy_html
2.4.62-7.0.1.el9_7.3
mod_session
2.4.62-7.0.1.el9_7.3
mod_ssl
2.4.62-7.0.1.el9_7.3
