Описание
ELSA-2025-23932: httpd security update (IMPORTANT)
[2.4.63-4.0.1.3]
- Replace index.html with Oracle's index page oracle_index.html.
[2.4.63-4.3]
- Resolves: RHEL-135052 - httpd: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo (CVE-2025-66200)
- Resolves: RHEL-135035 - httpd: Apache HTTP Server: CGI environment variable override (CVE-2025-65082)
- Resolves: RHEL-134467 - httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... (CVE-2025-58098)
[2.4.63-4.2]
- Resolves: RHEL-125894 - mod_ssl: allow more fine grained SSL SNI vhost check to avoid unnecessary 421 errors after CVE-2025-23048 fix
Обновленные пакеты
Oracle Linux 10
Oracle Linux aarch64
httpd
2.4.63-4.0.1.el10_1.3
httpd-core
2.4.63-4.0.1.el10_1.3
httpd-devel
2.4.63-4.0.1.el10_1.3
httpd-filesystem
2.4.63-4.0.1.el10_1.3
httpd-manual
2.4.63-4.0.1.el10_1.3
httpd-tools
2.4.63-4.0.1.el10_1.3
mod_ldap
2.4.63-4.0.1.el10_1.3
mod_lua
2.4.63-4.0.1.el10_1.3
mod_proxy_html
2.4.63-4.0.1.el10_1.3
mod_session
2.4.63-4.0.1.el10_1.3
mod_ssl
2.4.63-4.0.1.el10_1.3
Oracle Linux x86_64
httpd
2.4.63-4.0.1.el10_1.3
httpd-core
2.4.63-4.0.1.el10_1.3
httpd-devel
2.4.63-4.0.1.el10_1.3
httpd-filesystem
2.4.63-4.0.1.el10_1.3
httpd-manual
2.4.63-4.0.1.el10_1.3
httpd-tools
2.4.63-4.0.1.el10_1.3
mod_ldap
2.4.63-4.0.1.el10_1.3
mod_lua
2.4.63-4.0.1.el10_1.3
mod_proxy_html
2.4.63-4.0.1.el10_1.3
mod_session
2.4.63-4.0.1.el10_1.3
mod_ssl
2.4.63-4.0.1.el10_1.3
