[CLSA-2025:1758031287] httpd: Fix of 2 CVEs
Type:
security
Severity:
Important
Release date:
2025-09-16 14:01:31 UTC
Description:
- CVE-2024-47252: escape user-supplied data in mod_ssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files - CVE-2025-49812: remove support for TLS upgrade to prevent HTTP desynchronisation attack
Updated packages:
  • httpd-2.4.6-99.0.5.el7_9.1.tuxcare.els6.x86_64.rpm
    sha:4565e4c0edd672a71fdebbbb2f77207b6338d0969b77ad97325a5b79b2edcfb8
  • httpd-devel-2.4.6-99.0.5.el7_9.1.tuxcare.els6.x86_64.rpm
    sha:918607e6bdeaa463a690493a5e989893637c419db4c3ac0edfc313f597be416b
  • httpd-manual-2.4.6-99.0.5.el7_9.1.tuxcare.els6.noarch.rpm
    sha:f4f2818391af51e67aa196ed8727c8870ac621d9c94ceb42aca59e4aaff80cf8
  • httpd-tools-2.4.6-99.0.5.el7_9.1.tuxcare.els6.x86_64.rpm
    sha:939702658a60415da964013835ca4d8aa728edfaf115fb8086e5de0efe0b0925
  • mod_ldap-2.4.6-99.0.5.el7_9.1.tuxcare.els6.x86_64.rpm
    sha:8dc11afbecdbfb9312c4d400c832dd6a0d69f9b4630ace471552f01842c77eef
  • mod_proxy_html-2.4.6-99.0.5.el7_9.1.tuxcare.els6.x86_64.rpm
    sha:8229cddc38c3bc7829bbe4b2243353423c196e38ddecf03e3f3786a0dbeea1d1
  • mod_session-2.4.6-99.0.5.el7_9.1.tuxcare.els6.x86_64.rpm
    sha:a25009e6240ed05e4e653bfb462fb6bc1c0609ef562505d30597b3d4a6e0f9b7
  • mod_ssl-2.4.6-99.0.5.el7_9.1.tuxcare.els6.x86_64.rpm
    sha:f33e0925e7b5f0900964032ca3b36eb04f45ef869327a8126ebd1cf46eac38dc
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.