Release date:
2025-09-26 19:19:49 UTC
Description:
- CVE-2025-49630: fix denial of service attack triggered by untrusted clients
causing an assertion in mod_proxy_http2
- CVE-2025-23048: fix access control bypass by trusted clients in mod_ssl
configurations
- CVE-2024-47252: escape user-supplied data in mod_ssl to prevent untrusted
SSL/TLS clients from inserting escape characters into log file
- CVE-2025-49812: remove support for TLS upgrade to mitigate HTTP
desynchronisation attack
Updated packages:
-
httpd-2.4.37-64.module_el8+2311+86be6a38.tuxcare.els3.x86_64.rpm
sha:719ad6e90b9ee2e56e55d96275b8af75b91990fd9a9ddec69a3a9bcba6b5cd98
-
httpd-devel-2.4.37-64.module_el8+2311+86be6a38.tuxcare.els3.x86_64.rpm
sha:1019a8f2c25e0fcc3339b9030fa69727d22e6da2b7aae82b4ff48bb7ea1a969b
-
httpd-filesystem-2.4.37-64.module_el8+2311+86be6a38.tuxcare.els3.noarch.rpm
sha:82582ef76413b680cd08324af365812b4ca30aec426b340fcff99aa96ae1efc1
-
httpd-manual-2.4.37-64.module_el8+2311+86be6a38.tuxcare.els3.noarch.rpm
sha:1052295b323ecbf608c856106acbe5e8243d1960f53f023e2a7242b30faf1c18
-
httpd-tools-2.4.37-64.module_el8+2311+86be6a38.tuxcare.els3.x86_64.rpm
sha:5be81342376f0dd69a92031b985cebeb2d53718cef7c124c69103c488048898c
-
mod_ldap-2.4.37-64.module_el8+2311+86be6a38.tuxcare.els3.x86_64.rpm
sha:2a25241fa751873be892cff1abdc5585f7036def17c7fb91c65ddb54656d8521
-
mod_proxy_html-2.4.37-64.module_el8+2311+86be6a38.tuxcare.els3.x86_64.rpm
sha:ed611073683cc0de3da7d0ac458788650201a8d149207948d28c2d6158a167e7
-
mod_session-2.4.37-64.module_el8+2311+86be6a38.tuxcare.els3.x86_64.rpm
sha:97eb1ab1a5ef186813ba49c530b70fbc13caef2080546eaf7244bb426843885e
-
mod_ssl-2.4.37-64.module_el8+2311+86be6a38.tuxcare.els3.x86_64.rpm
sha:fe65ef14e608c2b4523f06ddd067b2d21a60eb518a594aefd86a922efef13aeb
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
