Release date:
2026-01-12 10:18:00 UTC
Description:
- CVE-2025-65082: fix CGI environment variable injection by preventing HTTP
headers from overriding server-set variables
- CVE-2025-66200: prevent suexec bypass by removing request notes usage and rejecting
the undocumented RequestHeader note option
Updated packages:
-
httpd-2.4.53-11.el9_2.5.tuxcare.els10.x86_64.rpm
sha:70cb4c4886edb0be629550c24281e7aad52d990c3b3f25b940e400878f673787
-
httpd-core-2.4.53-11.el9_2.5.tuxcare.els10.x86_64.rpm
sha:fe28657bb5337a33878c2e5616d6d264181f601d1991df96e0f33d424b860d09
-
httpd-devel-2.4.53-11.el9_2.5.tuxcare.els10.x86_64.rpm
sha:cd98ac1659ed7197df932e1de833b79eaa364380106e1fdc57d87cd5be45dbd9
-
httpd-filesystem-2.4.53-11.el9_2.5.tuxcare.els10.noarch.rpm
sha:41e0657b1d3d084b3799c762dbe8c9f92d749493bcb6f7993ef6e807702b31ee
-
httpd-manual-2.4.53-11.el9_2.5.tuxcare.els10.noarch.rpm
sha:aec671ec35f04d4ac5c72b1f47281e20fbadda59ed15e3ce653ea6be861211e7
-
httpd-tools-2.4.53-11.el9_2.5.tuxcare.els10.x86_64.rpm
sha:bac18d3a7fdad04d0e4c863186007b1063455ca6be7b1eba8b5bfd3ac0c404d1
-
mod_ldap-2.4.53-11.el9_2.5.tuxcare.els10.x86_64.rpm
sha:2370dba3a402e7f99829fb629e269a0e37406db2e10b72d7d0fbbcf5ffcc6041
-
mod_lua-2.4.53-11.el9_2.5.tuxcare.els10.x86_64.rpm
sha:f03621aa6834b733bf6cc46f0857ccb3ac873c4ae442070c67ea476708ff85b7
-
mod_proxy_html-2.4.53-11.el9_2.5.tuxcare.els10.x86_64.rpm
sha:d817a392b99d162b49adbe6b85b4b1ef0deac6d17d6961340f6dd29e9aea29d5
-
mod_session-2.4.53-11.el9_2.5.tuxcare.els10.x86_64.rpm
sha:9672037d5c1bef9cb8ece213e359addb21f9ecac54834440f1ec3c8677a7df6c
-
mod_ssl-2.4.53-11.el9_2.5.tuxcare.els10.x86_64.rpm
sha:302805bd04da7e454d72ba8b1bb6e2310d62e49adf1bc6a94539ae3f8755ffc8
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
