Release date:
2025-09-26 19:36:01 UTC
Description:
- CVE-2025-49630: fix denial of service attack triggered by untrusted clients
causing an assertion in mod_proxy_http2
- CVE-2025-23048: fix access control bypass by trusted clients in mod_ssl
configurations
- CVE-2025-49812: remove support for TLS upgrade to mitigate HTTP
desynchronisation attack
- CVE-2024-47252: escape user-supplied data in mod_ssl to prevent untrusted
SSL/TLS clients from inserting escape characters into log files
Updated packages:
-
httpd-2.4.37-43.module_el8.5.0+2310+48d56fe5.tuxcare.els15.x86_64.rpm
sha:76f4763623fcca9011a2bccbea3e4bd7bc40aab4a3d291d86f6926948e3df85e
-
httpd-devel-2.4.37-43.module_el8.5.0+2310+48d56fe5.tuxcare.els15.x86_64.rpm
sha:414f0781df433436fa54a610d5c05596817b1fab62196ef8282dbfb73b294b79
-
httpd-filesystem-2.4.37-43.module_el8.5.0+2310+48d56fe5.tuxcare.els15.noarch.rpm
sha:1c9e2cb0f51bdcac7297852f03eea0d71dde6e0c6e3cc478abfeb7a04fa5f701
-
httpd-manual-2.4.37-43.module_el8.5.0+2310+48d56fe5.tuxcare.els15.noarch.rpm
sha:b9c5f2ed2dcc6b8cf9b4e67169d945a215f3f37c026afc260d61aec3b0291a8c
-
httpd-tools-2.4.37-43.module_el8.5.0+2310+48d56fe5.tuxcare.els15.x86_64.rpm
sha:30972ce8ac976fb2ed0ba906d7e6fa9d91d30ba18c97c0c9ee2dbd2c2c0cf82b
-
mod_ldap-2.4.37-43.module_el8.5.0+2310+48d56fe5.tuxcare.els15.x86_64.rpm
sha:17780af127737dc0ea640bd02c1803d7d8d8e47f83e6134b7a1d80a65d37e937
-
mod_proxy_html-2.4.37-43.module_el8.5.0+2310+48d56fe5.tuxcare.els15.x86_64.rpm
sha:8752d96afda386c4ae0605c884778d2195ca3ae63176056a4099d2b538c72639
-
mod_session-2.4.37-43.module_el8.5.0+2310+48d56fe5.tuxcare.els15.x86_64.rpm
sha:f26770dd20f929be364515731f7e4445e342d2dd54c3256668c951b5b742f425
-
mod_ssl-2.4.37-43.module_el8.5.0+2310+48d56fe5.tuxcare.els15.x86_64.rpm
sha:5a60e56b1c46486990d191b265d52aeaac5452bf009b94c32fb57d41e7909461
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
