[CLSA-2026:1769014292] httpd: Fix of 2 CVEs
Type:
security
Severity:
Moderate
Release date:
2026-01-21 16:51:36 UTC
Description:
- CVE-2025-66200: don't use request notes for suexec, stop accepting the obscure "note" option in RequestHeader - CVE-2025-65082: fix precedence of envvars from HTTP headers and Apache configuration
Updated packages:
  • httpd-2.4.37-64.module_el8+2338+ca31203e.tuxcare.els5.x86_64.rpm
    sha:48e15a2a3c4e16206bc9ead3f3bde4edbd7ced25a2b1af4eeebb45bc272d4a96
  • httpd-devel-2.4.37-64.module_el8+2338+ca31203e.tuxcare.els5.x86_64.rpm
    sha:a9e58d3e772eab351241e6ac8b1516db499c87456bd50a2ef9b90494b2d27c0c
  • httpd-filesystem-2.4.37-64.module_el8+2338+ca31203e.tuxcare.els5.noarch.rpm
    sha:8e2e8ab460e73151b178acb9c16e8bee68b3e87ac2eb707444dfab726fde8946
  • httpd-manual-2.4.37-64.module_el8+2338+ca31203e.tuxcare.els5.noarch.rpm
    sha:4b702e99a4521a617084f495f381ea313a8395327f142ed052c3838d21262852
  • httpd-tools-2.4.37-64.module_el8+2338+ca31203e.tuxcare.els5.x86_64.rpm
    sha:ae399779063b71ae8eecb7a3fa222c177730281398958265c100c97522e75a81
  • mod_ldap-2.4.37-64.module_el8+2338+ca31203e.tuxcare.els5.x86_64.rpm
    sha:59882edad8564673f924cc8b03569c39138d025f46670e34b655b285c818592a
  • mod_proxy_html-2.4.37-64.module_el8+2338+ca31203e.tuxcare.els5.x86_64.rpm
    sha:6897669e6603f4f322d175e898435bd6fe5e164e23db1364d7f362ecd7b0bde8
  • mod_session-2.4.37-64.module_el8+2338+ca31203e.tuxcare.els5.x86_64.rpm
    sha:e42fbccfa614d35c8a6e96ac38c9127a08340eb446be13c0befa1036e0b5e627
  • mod_ssl-2.4.37-64.module_el8+2338+ca31203e.tuxcare.els5.x86_64.rpm
    sha:91ae61f566305f679bb8adb13a23fb917b2d41b57e6c41fe5455397d710d1071
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.