ELSA-2026-0075
- ULN >
- Oracle Linux Errata repository >
- ELSA-2026-0075
ELSA-2026-0075 - httpd security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2026-01-09 |
Description
[2.4.6-99.0.9.1]
- Fix CVE-2025-58098 [Orabug: 38816066]
[2.4.6-99.0.7.1]
- Fixed security update CVE-2024-47252 CVE-2025-49812 [Orabug: 38378160]
[2.4.6-99.0.5.1]
- Differentiate trusted sources [Orabug: 37100272][CVE-2024-38476]
[2.4.6-99.0.3.1]
- Opt-ins for unsafe prefix_stat and %3f [Orabug: 36904263][CVE-2024-38474][CVE-2024-38475]
- mod_proxy: validate hostname [Orabug: 36904263][CVE-2024-38477]
[2.4.6-99.1.0.1]
- mod_proxy: ap_proxy_http_request() to clear hop-by-hop first and
fixup last [CVE-2022-31813][Orabug: 34381850]
- mod_session: save one apr_strtok() [Orabug: 33338149][CVE-2021-26690]
- replace index.html with Oracle's index page oracle_index.html
[2.4.6-99.1]
- Resolves: #2190143 - mod_rewrite regression with CVE-2023-25690
[2.4.6-97.7]
- Resolves: #2177742 - CVE-2023-25690 httpd: HTTP request splitting with
mod_rewrite and mod_proxy
[2.4.6-97.6]
- Resolves: #2101997 - HEAD request with a 404 and custom ErrorPage causes
corrupt and mixed-up responses
[2.4.6-97.5]
- Resolves: #2065243 - CVE-2022-22720 httpd: HTTP request smuggling
vulnerability in Apache HTTP Server 2.4.52 and earlier
[2.4.6-97.4]
- Resolves: #2031072 - CVE-2021-34798 httpd: NULL pointer dereference via
malformed requests
- Resolves: #2031074 - CVE-2021-39275 httpd: out-of-bounds write in
ap_escape_quotes() via malicious input
- Resolves: #1969226 - CVE-2021-26691 httpd: Heap overflow in mod_session
Related CVEs
| CVE-2025-58098 |
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 7 (x86_64) | httpd-2.4.6-99.0.9.el7_9.1.src.rpm | 8972505f44eb686b0a99a9ed11878eeb7fa0018cb73ba729c53174a2233644a2 | - | ol7_x86_64_latest_ELS |
| httpd-2.4.6-99.0.9.el7_9.1.x86_64.rpm | 98af78e6b5c90b1cba01dbbdfc9d26a57e8fccc579be002c81aa9b9fe9389c7f | - | ol7_x86_64_latest_ELS | |
| httpd-devel-2.4.6-99.0.9.el7_9.1.x86_64.rpm | df2511546ca4445f4a9a427515e8e08665941fc58bd0b6b5eef3ccd42303fc84 | - | ol7_x86_64_latest_ELS | |
| httpd-manual-2.4.6-99.0.9.el7_9.1.noarch.rpm | f14e2904002f33fd8e2466361b323d75154d3e4f54f3599ec2a09880913fb137 | - | ol7_x86_64_latest_ELS | |
| httpd-tools-2.4.6-99.0.9.el7_9.1.x86_64.rpm | 96c790acd237394206d760aff2e3e5bbf7be2bf0049e4cc70e2394a3964f5b20 | - | ol7_x86_64_latest_ELS | |
| mod_ldap-2.4.6-99.0.9.el7_9.1.x86_64.rpm | 1ea02f1157b7053485dd9e156e4023bceb268f82a536d2bc1d0301b87ec3dc3b | - | ol7_x86_64_latest_ELS | |
| mod_proxy_html-2.4.6-99.0.9.el7_9.1.x86_64.rpm | 067fe93924b639c211329913f6ec09d859754d41ff989e03e8987854c4a8bda5 | - | ol7_x86_64_latest_ELS | |
| mod_session-2.4.6-99.0.9.el7_9.1.x86_64.rpm | 7df1ef02eabd18d8ba65259dab357d56c97a975c9a0d995d18f3999118453efd | - | ol7_x86_64_latest_ELS | |
| mod_ssl-2.4.6-99.0.9.el7_9.1.x86_64.rpm | 2f729bcbc43d87b72ab4437173317fdca08dc9d4cb7ea536ac803d55427e1bce | - | ol7_x86_64_latest_ELS | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
