CLSA-2025:1758914697

[CLSA-2025:1758914697] httpd: Fix of 4 CVEs

Type:

security

Severity:

Important

Release date:

2025-09-26 19:25:04 UTC

Description:

- CVE-2025-49630: fix assertion caused by untrusted clients triggering denial of
  service attack in mod_proxy_http2
- CVE-2025-23048: fix access control bypass by trusted clients using TLS 1.3
  session resumption
- CVE-2024-47252: escape user-supplied data to prevent log file injection in
  mod_ssl
- CVE-2025-49812: remove support for TLS upgrade to prevent HTTP
  desynchronisation attack

Updated packages:

httpd-2.4.37-39.module_el8.4.0+2309+93fc5e24.1.tuxcare.els16.x86_64.rpm
sha:d595df77097b148d3553ebe991c2a516342553962a5e4d676dd6cd80e59ac49c
httpd-devel-2.4.37-39.module_el8.4.0+2309+93fc5e24.1.tuxcare.els16.x86_64.rpm
sha:239ea22c8fc09e92f0300e62465801813d8a06c677db85d8ad76b739ac14d3b6
httpd-filesystem-2.4.37-39.module_el8.4.0+2309+93fc5e24.1.tuxcare.els16.noarch.rpm
sha:bafe8d31396ae3a12519273f35ba3b8d254e31830fde010d18f787ecec6f7054
httpd-manual-2.4.37-39.module_el8.4.0+2309+93fc5e24.1.tuxcare.els16.noarch.rpm
sha:c41c4a37d057b886b62a078c43a49a57f85773f82d90c48581940a8be5e92602
httpd-tools-2.4.37-39.module_el8.4.0+2309+93fc5e24.1.tuxcare.els16.x86_64.rpm
sha:3af6bca36358d325a05700f0f0517cd7cb267bf59e2c7e0575a950982618591c
mod_ldap-2.4.37-39.module_el8.4.0+2309+93fc5e24.1.tuxcare.els16.x86_64.rpm
sha:76ea70315d0897b1069a369888e0166a2ee8bbfd0c7d6e2b6f1b464c7fecfe34
mod_proxy_html-2.4.37-39.module_el8.4.0+2309+93fc5e24.1.tuxcare.els16.x86_64.rpm
sha:4eb9121934392fda33c01ff98e7e345c08771e9689f3fff0b3bd7865ca7e5f17
mod_session-2.4.37-39.module_el8.4.0+2309+93fc5e24.1.tuxcare.els16.x86_64.rpm
sha:d06b6bcb4422f8bbfc5a77f2d2aa8912145d76db92ea2a1891acac70d913a930
mod_ssl-2.4.37-39.module_el8.4.0+2309+93fc5e24.1.tuxcare.els16.x86_64.rpm
sha:a6f039bf35cb6f8310bd45bf3a7d0de1a5fa386fa87d44e634fcd12d5ac0c332

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.