[CLSA-2025:1757014860] Fix CVE(s): CVE-2025-49812

Type:

security

Severity:

Important

Release date:

2025-09-04 19:41:04 UTC

Description:

   * SECURITY UPDATE: mod_ssl TLS upgrade attack
     - debian/patches/CVE-2025-49812.patch: remove antiquated 'SSLEngine
       optional' TLS upgrade in modules/ssl/ssl_engine_config.c,
       modules/ssl/ssl_engine_init.c, modules/ssl/ssl_engine_kernel.c,
       modules/ssl/ssl_private.h.
     - CVE-2025-49812

Updated packages:

apache2_2.4.18-2ubuntu3.17+tuxcare.els18_amd64.deb
sha:705d68f6859fe469a6b64b8134588c6fa25a6e1e
apache2-bin_2.4.18-2ubuntu3.17+tuxcare.els18_amd64.deb
sha:f7b6db14e76c484215263212f400c8e4e6688f58
apache2-data_2.4.18-2ubuntu3.17+tuxcare.els18_all.deb
sha:61bb397760f604de6ee18383a34f4425862315b3
apache2-dev_2.4.18-2ubuntu3.17+tuxcare.els18_amd64.deb
sha:4e45dcb216c130525c1ca733234ee743ad4dd56e
apache2-doc_2.4.18-2ubuntu3.17+tuxcare.els18_all.deb
sha:052589c5db8249ba434f464c8a4a2198e40b0aba
apache2-suexec-custom_2.4.18-2ubuntu3.17+tuxcare.els18_amd64.deb
sha:fe46d261db3a49d48a13982058d027b1b0ad6b3e
apache2-suexec-pristine_2.4.18-2ubuntu3.17+tuxcare.els18_amd64.deb
sha:28db6b3dc1a2d24cd41ccd26cb427b27cf8c15f3
apache2-utils_2.4.18-2ubuntu3.17+tuxcare.els18_amd64.deb
sha:cd6a5de15a09c7ea2defb14aba53ce84ac1c3fcb

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.