ELSA-2026-21391

ULN >
Oracle Linux Errata repository >
ELSA-2026-21391

ELSA-2026-21391 - httpd security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-06-23

Description

[2.4.62-13.0.1.el9_8.1]
- Replace index.html with Oracle's index page oracle_index.html.

[2.4.62-13.1]
- Resolves: RHEL-173555 - httpd: Apache HTTP Server mod_proxy_ajp: Arbitrary
code execution via heap-based buffer overflow (CVE-2026-28780)
- Resolves: RHEL-175080 - httpd: NULL pointer dereference can cause a child
process crash (CVE-2026-33007)
- Resolves: RHEL-175100 - httpd: off-by-one out-of-bounds reads in AJP getter
functions (CVE-2026-33857)
- Resolves: RHEL-175028 - httpd: heap-based buffer over-read due to missing
null-termination check (CVE-2026-34032)
- Resolves: RHEL-175062 - httpd: heap-based buffer over-read and memory
disclosure in ajp_parse_data() (CVE-2026-34059)

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	httpd-2.4.62-13.0.1.el9_8.1.src.rpm	e8630e5479bd01efa0eaa2252539604abaf50bb2ad1b7cb40e273a9afb8c7e96	-	ol9_aarch64_appstream
	httpd-2.4.62-13.0.1.el9_8.1.aarch64.rpm	d556571b2d5f7b7e44fc3981572a1109a91e6afe290cd3668cd8ab7679889961	-	ol9_aarch64_appstream
	httpd-core-2.4.62-13.0.1.el9_8.1.aarch64.rpm	3b05e3244f448db14d1be2372c1dd01570b0daf917283b0ee72ffa993622f49e	-	ol9_aarch64_appstream
	httpd-devel-2.4.62-13.0.1.el9_8.1.aarch64.rpm	e74421a126c793c16eb548f3a10915ae2de6d26347f9b14904541c861ee59654	-	ol9_aarch64_appstream
	httpd-filesystem-2.4.62-13.0.1.el9_8.1.noarch.rpm	5253489661393e1b2c7ea08d9113de2fa16f08b9a945c9616c3debde9d6e7558	-	ol9_aarch64_appstream
	httpd-manual-2.4.62-13.0.1.el9_8.1.noarch.rpm	7000271989076f48ceabb1dea887f9ff89f18175c0dc44663c089ac41fbca121	-	ol9_aarch64_appstream
	httpd-tools-2.4.62-13.0.1.el9_8.1.aarch64.rpm	322222f0d66a0e6d1fbd102c79ac6eeef22742e637046b93ed452f7dfe2b9b5b	-	ol9_aarch64_appstream
	mod_ldap-2.4.62-13.0.1.el9_8.1.aarch64.rpm	599e9281eefd9a7e97015b3a44b27b364bc9708f75a22708355e6e82e24ed110	-	ol9_aarch64_appstream
	mod_lua-2.4.62-13.0.1.el9_8.1.aarch64.rpm	147dd835e647502088c08fff2840f296a3d6ccf8192489bf3b1ed47b800c12bc	-	ol9_aarch64_appstream
	mod_proxy_html-2.4.62-13.0.1.el9_8.1.aarch64.rpm	0fb8e41d9b75c60b6619c3489f3baf99a80f54cee0e39ba6fd74bab9f07e5eae	-	ol9_aarch64_appstream
	mod_session-2.4.62-13.0.1.el9_8.1.aarch64.rpm	c144d278df6e2634d3a63fcdb70008aa7b22569a60e45a648cc96fdc6c91604d	-	ol9_aarch64_appstream
	mod_ssl-2.4.62-13.0.1.el9_8.1.aarch64.rpm	4a500c0c7d2fbe4a57d59da754053f92e915fd61d397ff4baa39b6bc3700c293	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	httpd-2.4.62-13.0.1.el9_8.1.src.rpm	e8630e5479bd01efa0eaa2252539604abaf50bb2ad1b7cb40e273a9afb8c7e96	-	ol9_x86_64_appstream
	httpd-2.4.62-13.0.1.el9_8.1.x86_64.rpm	5b71b7777d1ef2928da541c199304d052b8095ddcbc76a62da8592ebd390160e	-	ol9_x86_64_appstream
	httpd-core-2.4.62-13.0.1.el9_8.1.x86_64.rpm	461249f468e8dc2831cd6dfe8443eb21be0a5be256d064759f046fab5859fb44	-	ol9_x86_64_appstream
	httpd-devel-2.4.62-13.0.1.el9_8.1.x86_64.rpm	c774cbace8222951ef2b84abdd3eb7f5435d67e0cd6f0093e88b52d88b8f2a58	-	ol9_x86_64_appstream
	httpd-filesystem-2.4.62-13.0.1.el9_8.1.noarch.rpm	5253489661393e1b2c7ea08d9113de2fa16f08b9a945c9616c3debde9d6e7558	-	ol9_x86_64_appstream
	httpd-manual-2.4.62-13.0.1.el9_8.1.noarch.rpm	7000271989076f48ceabb1dea887f9ff89f18175c0dc44663c089ac41fbca121	-	ol9_x86_64_appstream
	httpd-tools-2.4.62-13.0.1.el9_8.1.x86_64.rpm	8951301c33cd7d0a4da942c569d3ac761f8f24e2ae511b8325a00e14ea911a2b	-	ol9_x86_64_appstream
	mod_ldap-2.4.62-13.0.1.el9_8.1.x86_64.rpm	7738c3228c5e2b1c0c364f3a40305ec56124f79834d7f40c09e44298ea500e82	-	ol9_x86_64_appstream
	mod_lua-2.4.62-13.0.1.el9_8.1.x86_64.rpm	6320d1df1574d79a55c408733e0679b6f237aeaaa776c26df49b3fb4a69a6b2f	-	ol9_x86_64_appstream
	mod_proxy_html-2.4.62-13.0.1.el9_8.1.x86_64.rpm	36def1ba36969466113b8ea7d2e3b484e3b583a83a3f9242a4cb8540cc9f4d6e	-	ol9_x86_64_appstream
	mod_session-2.4.62-13.0.1.el9_8.1.x86_64.rpm	46d1af6a9f3f3a5fb0cfc9872999e1a185a07dc652c82530c78d7bb21f4c7f9b	-	ol9_x86_64_appstream
	mod_ssl-2.4.62-13.0.1.el9_8.1.x86_64.rpm	06ab13d00d263636cb74e4cb4b1f5fc97049c864d733c605293a41232587311f	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691