Release date:
2026-01-22 16:39:35 UTC
Description:
- CVE-2025-65082: fix CGI environment variable injection by preventing HTTP
headers from overriding server-set variables and added regression tests
- CVE-2025-66200: prevent suexec bypass by removing request notes usage and rejecting
the undocumented RequestHeader note option
Updated packages:
-
httpd-2.4.62-4.el9_6.4.tuxcare.els2.x86_64.rpm
sha:a926cad226fe78f6e3b5a813121ea1d17876161b0947805c2a15983d62ad96c9
-
httpd-core-2.4.62-4.el9_6.4.tuxcare.els2.x86_64.rpm
sha:032d806e68270b966a59062ec82e6b8c274f38df99110736815e253a3181cd98
-
httpd-devel-2.4.62-4.el9_6.4.tuxcare.els2.x86_64.rpm
sha:a5bd10cf9ba5386e2a7995bb56e182611d3667f7b2ffc64f33389789f879a06e
-
httpd-filesystem-2.4.62-4.el9_6.4.tuxcare.els2.noarch.rpm
sha:6dda0946159cec95b14f207438c8ef57358a4ec198329f72e2ba293c7633fa71
-
httpd-manual-2.4.62-4.el9_6.4.tuxcare.els2.noarch.rpm
sha:2e69309093a68ae84bfc6c6555389d4a883c027ea07a4fea7d74593f43f83af8
-
httpd-tools-2.4.62-4.el9_6.4.tuxcare.els2.x86_64.rpm
sha:4551c5e778139b61cc8a28dbb179f07877b2a58192771a3538e95fbbab8ebdfd
-
mod_ldap-2.4.62-4.el9_6.4.tuxcare.els2.x86_64.rpm
sha:fb4fd004eafe74dc1303aa3f8a5b9e489356d50fd18f5491730ecd387db1a6c9
-
mod_lua-2.4.62-4.el9_6.4.tuxcare.els2.x86_64.rpm
sha:59b0fe600988f435d58be302c613e87da8c63d5df6f1a58a11b79163ad279281
-
mod_proxy_html-2.4.62-4.el9_6.4.tuxcare.els2.x86_64.rpm
sha:a24e5dd842dbdd2c5017925203b9bb063f0df3c3628549bdeaddd63bbb910b4e
-
mod_session-2.4.62-4.el9_6.4.tuxcare.els2.x86_64.rpm
sha:985aeda3c8aac12d6f6fbf7ecc25467fad74464c1ce3a65f90a8f3cc0b930c8a
-
mod_ssl-2.4.62-4.el9_6.4.tuxcare.els2.x86_64.rpm
sha:14e25f4f045d6d1eeefda1a2a6b03caf4b73a685e82adbbc2f0f556ef9f2573b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
