ELSA-2025-23919

ULN >
Oracle Linux Errata repository >
ELSA-2025-23919

ELSA-2025-23919 - httpd security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2025-12-22

Description

[2.4.62-7.0.1.3]
- Replace index.html with Oracle's index page oracle_index.html.

[2.4.62-7.3]
- Resolves: RHEL-135063 - httpd: Apache HTTP Server: mod_userdir+suexec bypass
via AllowOverride FileInfo (CVE-2025-66200)
- Resolves: RHEL-135048 - httpd: Apache HTTP Server: CGI environment variable
override (CVE-2025-65082)
- Resolves: RHEL-134480 - httpd: Apache HTTP Server: Server Side Includes adds
query string to #exec cmd=... (CVE-2025-58098)

[2.4.62-7.2]
- Resolves: RHEL-123850 - mod_proxy_hcheck may stop healthchecks after a child
process is reclaimed

[2.4.62-7.1]
- Resolves: RHEL-125884 - mod_ssl: allow more fine grained SSL SNI vhost check
to avoid unnecessary 421 errors after CVE-2025-23048 fix
- mod_ssl: add conf.d/snipolicy.conf to set 'SSLVHostSNIPolicy authonly' default

Related CVEs

CVE-2025-58098

CVE-2025-65082

CVE-2025-66200

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	httpd-2.4.62-7.0.1.el9_7.3.src.rpm	a3b184a08f72c312dddac413d009a0198d8816cbc62e7143caf3bff62b282464	-	ol9_aarch64_appstream
	httpd-2.4.62-7.0.1.el9_7.3.aarch64.rpm	a5d3a8a5b6d68ccd6d836d52ff1cbdb5a845262d5b602216dfe72b8ba2f895f7	-	ol9_aarch64_appstream
	httpd-core-2.4.62-7.0.1.el9_7.3.aarch64.rpm	b54b028614276c5bf0b2847a45af039dde7a370a9c97d933faff3e9d8a5a07d5	-	ol9_aarch64_appstream
	httpd-devel-2.4.62-7.0.1.el9_7.3.aarch64.rpm	ad81c58714b323c1b9193ccdf2dc1456e39d233205c031f8ba6681121221697c	-	ol9_aarch64_appstream
	httpd-filesystem-2.4.62-7.0.1.el9_7.3.noarch.rpm	9f164c8d55e5492c03ea3443ec5abb76dce408085c0eb10d9be10f67f4171ff5	-	ol9_aarch64_appstream
	httpd-manual-2.4.62-7.0.1.el9_7.3.noarch.rpm	a21f109e9e010a2180f190f448cb56f5e888804c0574fcef99c6da5191a79d7d	-	ol9_aarch64_appstream
	httpd-tools-2.4.62-7.0.1.el9_7.3.aarch64.rpm	df7c27b694acdb5857f2ccbd01a4c364ff26dd2d5fac4f500f345ebde6e29686	-	ol9_aarch64_appstream
	mod_ldap-2.4.62-7.0.1.el9_7.3.aarch64.rpm	9a808dfe01afef82904a46850cec727d3a36274c575597e936b12733c9464c83	-	ol9_aarch64_appstream
	mod_lua-2.4.62-7.0.1.el9_7.3.aarch64.rpm	5a40730db48a2f231683e665b1360b4357f600acf007d673c090a9d4a289d8b8	-	ol9_aarch64_appstream
	mod_proxy_html-2.4.62-7.0.1.el9_7.3.aarch64.rpm	9e117e0f433862e9d06dff9541397f5a14cdd2fff0036709ed6fa027dc881f5a	-	ol9_aarch64_appstream
	mod_session-2.4.62-7.0.1.el9_7.3.aarch64.rpm	8d4127aee3a764b593c0b4cb0e6853c97757125b3f07ce4fdca6fd6a700d1899	-	ol9_aarch64_appstream
	mod_ssl-2.4.62-7.0.1.el9_7.3.aarch64.rpm	ef5f50205eadbb2437b8ce7997a6b8e796cc7f1c283c3d75b3939043e758a03f	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	httpd-2.4.62-7.0.1.el9_7.3.src.rpm	a3b184a08f72c312dddac413d009a0198d8816cbc62e7143caf3bff62b282464	-	ol9_x86_64_appstream
	httpd-2.4.62-7.0.1.el9_7.3.x86_64.rpm	1425b9c50213741f17a1a5555cde48a336133a417b2e516b65c8f804afd83849	-	ol9_x86_64_appstream
	httpd-core-2.4.62-7.0.1.el9_7.3.x86_64.rpm	2fbe288897f8fc17d5a9b8f36959dd9367f66e222f09c697d728c3360b5cc999	-	ol9_x86_64_appstream
	httpd-devel-2.4.62-7.0.1.el9_7.3.x86_64.rpm	4af2aacaf88ca73aee78ad27d333079c9f623f844c8cb6ba9cc27c2566fc355d	-	ol9_x86_64_appstream
	httpd-filesystem-2.4.62-7.0.1.el9_7.3.noarch.rpm	9f164c8d55e5492c03ea3443ec5abb76dce408085c0eb10d9be10f67f4171ff5	-	ol9_x86_64_appstream
	httpd-manual-2.4.62-7.0.1.el9_7.3.noarch.rpm	a21f109e9e010a2180f190f448cb56f5e888804c0574fcef99c6da5191a79d7d	-	ol9_x86_64_appstream
	httpd-tools-2.4.62-7.0.1.el9_7.3.x86_64.rpm	f9ee277184b0a6da9d1d27d1886761deb21fef5c22039aff15a5adc9bf1347f6	-	ol9_x86_64_appstream
	mod_ldap-2.4.62-7.0.1.el9_7.3.x86_64.rpm	d00af82df8d1a4f314bd0deb2c045b15a85d72ff7e8d96250d5b4fb0e2cb19e9	-	ol9_x86_64_appstream
	mod_lua-2.4.62-7.0.1.el9_7.3.x86_64.rpm	fea932d13c98dbc189066f692f695f73e21e66ef5266d71942c6e1c11b1c4e9e	-	ol9_x86_64_appstream
	mod_proxy_html-2.4.62-7.0.1.el9_7.3.x86_64.rpm	8b5434b93a811026bcc8c438e82776d2ced0233b597212cb9da30c69ee6e34c7	-	ol9_x86_64_appstream
	mod_session-2.4.62-7.0.1.el9_7.3.x86_64.rpm	d97396ec992a39c26f2d42e86204db3e990e145baf8cff40808be8b215af2ac4	-	ol9_x86_64_appstream
	mod_ssl-2.4.62-7.0.1.el9_7.3.x86_64.rpm	f4a3c507d781d2ba76edb52c67beaabdb83324dcf2eb07bc0bd25775602059df	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691